| author | Peter Jones <pjones@redhat.com> | 2021-03-08 11:54:33 -0500 |
|---|---|---|
| committer | Jan Setje-Eilers <73182357+jsetje@users.noreply.github.com> | 2021-03-09 13:52:53 -0800 |
| commit | 1954ef164a55cbc4369f513cca3fb43f3550d81a (patch) | |
| tree | 124965e9d3355c9438d645fa0f1e881fe554fedf /Cryptlib/OpenSSL | |
| parent | dddeaf3f7dc8d30640119e999bbfabf4ce068a68 (diff) | |
Minor OpenSSL fixes
These are all the NULL pointer dereferences (which all appear to be, at
worst, very difficult to hit) that gcc -fanalyzer finds in our OpenSSL
code.
Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'Cryptlib/OpenSSL')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 4 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/asn1/t_req.c | 5 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 3 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 3 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/mem_dbg.c | 5 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 2 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 8 |
7 files changed, 25 insertions, 5 deletions
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
index 5170906c..017be9d9 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
@@ -843,6 +843,10 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
 char *tmpname, *tmpval, *p;
 int c;
 MIME_PARAM *mparam;
+
+ if (!mhdr)
+ return 0;
+
 if (name) {
 tmpname = BUF_strdup(name);
 if (!tmpname)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
index 70aba4cc..c32241c2 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_req.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
@@ -195,10 +195,11 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 goto err;
 if (BIO_puts(bp, ":") <= 0)
 goto err;
- if ((type == V_ASN1_PRINTABLESTRING) ||
+ if (bs != NULL && (
+ (type == V_ASN1_PRINTABLESTRING) ||
 (type == V_ASN1_UTF8STRING) ||
 (type == V_ASN1_T61STRING) ||
- (type == V_ASN1_IA5STRING)) {
+ (type == V_ASN1_IA5STRING))) {
 if (BIO_write(bp, (char *)bs->data, bs->length)
 != bs->length)
 goto err;
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
index 10b78f51..2671f35c 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
@@ -496,6 +496,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 if (bn_wexpand(a, b->top) == NULL)
 return (NULL);
 
+ if (!a || !b || !a->d || !b->d)
+ return (NULL);
+
 #if 1
 A = a->d;
 B = b->d;
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
index 952b5452..b3b29adb 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
@@ -340,6 +340,9 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
 return 0;
 }
 
+ if (conf == NULL)
+ return 0;
+
 str = NCONF_get_string(conf, group, name);
 
 if (str == NULL)
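Review bot: In the `BN_copy` hunk of bn_lib.c the new `if (!a || !b || !a->d || !b->d)` test comes after `bn_wexpand(a, b->top)`, which has already read `b->top` and been handed `a`, so the NULL checks on `a` and `b` cannot stop the dereference they are meant to catch. The `!a->d || !b->d` part also needs a second look: if a zero-valued BIGNUM can have `top == 0` with no limb array allocated (not visible in this hunk), copying it would now return NULL where it used to succeed, and callers would see a spurious failure. I would put `if (a == NULL || b == NULL) return (NULL);` ahead of the `bn_wexpand` call and narrow the later test to `if (b->top > 0 && (a->d == NULL || b->d == NULL)) return (NULL);`. The body of BN_copy starts and ends outside the hunk.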
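Review bot: The added `if (conf == NULL) return 0;` in `NCONF_get_number_e` (conf_lib.c) fails without recording a reason, so a caller that inspects the error queue cannot tell a NULL `conf` from a missing value. If the preceding branch, of which only the closing `return 0; }` is visible here, raises an error before returning, this one should do the same, for example `CONFerr(CONF_F_NCONF_GET_NUMBER_E, CONF_R_NO_CONF);` ahead of the return. The check also rejects a NULL `conf` before `NCONF_get_string` is consulted, which changes behaviour if that function accepts NULL. A one-line comment saying the rejection is intentional would settle it.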
diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c
index 8525ded7..c98c1b88 100644
--- a/Cryptlib/OpenSSL/crypto/mem_dbg.c
+++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c
@@ -640,8 +640,13 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
 if (m->addr == (char *)l->bio)
 return;
 
+ if (!bufp)
+ return;
+
 if (options & V_CRYPTO_MDEBUG_TIME) {
 lcl = localtime(&m->time);
+ if (!lcl)
+ return;
 
 BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
 lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
index 6cf8253b..e6a44f40 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
@@ -654,7 +654,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 if (data_body->length > 0)
 BIO_write(bio, (char *)data_body->data, data_body->length);
 # else
- if (data_body->length > 0)
+ if (data_body != NULL && data_body->length > 0)
 bio = BIO_new_mem_buf(data_body->data, data_body->length);
 else {
 bio = BIO_new(BIO_s_mem());
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
index 11e07634..2fa33823 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
@@ -131,6 +131,8 @@ int X509_check_trust(X509 *x, int id, int flags)
 if (idx == -1)
 return default_trust(id, x, flags);
 pt = X509_TRUST_get0(idx);
+ if (!pt)
+ return default_trust(id, x, flags);
 return pt->check_trust(pt, x, flags);
 }
 
@@ -195,8 +197,10 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
 return 0;
 }
 trtmp->flags = X509_TRUST_DYNAMIC;
- } else
- trtmp = X509_TRUST_get0(idx);
+ } else if (!(trtmp = X509_TRUST_get0(idx))) {
+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
 
 /* OPENSSL_free existing name if dynamic */
 if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) |
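Review bot: In `print_leak_doall_arg` (mem_dbg.c) the new `if (!lcl) return;` abandons the whole leak entry when `localtime()` fails, although only the timestamp prefix depends on `lcl`. Whatever the function does for this entry after the timestamp block (outside the hunk) is skipped, so the leak report may silently lose records. Wrapping just the statements that use `lcl` in `if (lcl != NULL) { ... }` would keep the entry and drop only the time. The `if (!bufp) return;` above it would benefit from a comment saying when `bufp` can be NULL, since its initialisation is not visible here.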
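Review bot: In `X509_check_trust` (first hunk of x509_trs.c) a NULL from `X509_TRUST_get0(idx)` is an internal inconsistency, because `idx` has already passed the `idx == -1` test, yet the new branch treats it like an unregistered id and calls `default_trust(id, x, flags)`. What `default_trust` returns is not visible in the hunk, but for a trust decision it is safer to fail closed here with `if (!pt) return X509_TRUST_UNTRUSTED;`, so that a damaged trust table can never produce a more permissive answer than the registered check would. If the fallback is intended, a comment such as `/* entry missing: treat like an unregistered trust id */` would record that choice.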
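Review bot: The error raised in the new `else if` branch of `X509_TRUST_add` (second hunk of x509_trs.c) is `ERR_R_MALLOC_FAILURE`, but nothing is allocated on this path; the failure is a table lookup that returned NULL. Anyone reading the error queue will be pointed at memory exhaustion, so `X509err(X509_F_X509_TRUST_ADD, ERR_R_INTERNAL_ERROR);` describes it more accurately. The assignment inside the condition also hides the lookup, and `trtmp = X509_TRUST_get0(idx);` on its own line followed by `if (trtmp == NULL) {` would read more clearly. The function body extends beyond the hunk on both sides.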
