authormiod <miod@openbsd.org>2014-07-11 12:17:46 +0000
committermiod <miod@openbsd.org>2014-07-11 12:17:46 +0000
commit4576a406b975468b74c6e2ceab0171e58f30a004 (patch)
treeff1ade1e2ee6fddac32f12a0cceb8ba109db1f3d
parentMake CMS_decrypt_set1_pkey() return an error if no recipient type matches, (diff)
Missing calloc() return value check in dgram_sctp_ctrl(); from Kurt Roeckx via
OpenSSL trunk
-rw-r--r--lib/libcrypto/bio/bss_dgram.c32
-rw-r--r--lib/libssl/src/crypto/bio/bss_dgram.c32
2 files changed, 42 insertions, 22 deletions
diff --git a/lib/libcrypto/bio/bss_dgram.c b/lib/libcrypto/bio/bss_dgram.c
index caa8480657d..afce2e52900 100644
--- a/lib/libcrypto/bio/bss_dgram.c
+++ b/lib/libcrypto/bio/bss_dgram.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_dgram.c,v 1.31 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bss_dgram.c,v 1.32 2014/07/11 12:17:46 miod Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1166,7 +1166,6 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
bio_dgram_sctp_data *data = NULL;
socklen_t sockopt_len = 0;
struct sctp_authkeyid authkeyid;
- struct sctp_authkey *authkey;
data = (bio_dgram_sctp_data *)b->ptr;
@@ -1208,48 +1207,58 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, &data->in_handshake, sizeof(int));
break;
case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+ {
+ struct sctp_authkey *authkey;
+
/* New shared key for SCTP AUTH.
* Returns 0 on success, -1 otherwise.
*/
/* Get active key */
sockopt_len = sizeof(struct sctp_authkeyid);
- ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+ ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+ &authkeyid, &sockopt_len);
if (ret < 0)
break;
/* Add new key */
sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
authkey = calloc(1, sockopt_len);
+ if (authkey == NULL) {
+ ret = -1;
+ break;
+ }
authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
authkey->sca_keylength = 64;
memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
- ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
+ ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
+ sockopt_len);
free(authkey);
if (ret < 0)
break;
/* Reset active key */
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
- &authkeyid, sizeof(struct sctp_authkeyid));
+ &authkeyid, sizeof(struct sctp_authkeyid));
if (ret < 0)
break;
-
+ }
break;
case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
/* Returns 0 on success, -1 otherwise. */
/* Get active key */
sockopt_len = sizeof(struct sctp_authkeyid);
- ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+ ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+ &authkeyid, &sockopt_len);
if (ret < 0)
break;
/* Set active key */
authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
- &authkeyid, sizeof(struct sctp_authkeyid));
+ &authkeyid, sizeof(struct sctp_authkeyid));
if (ret < 0)
break;
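Review bot: The temporary `authkey` buffer in the BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY case is still released with a plain `free(authkey);` while it holds the 64-byte SCTP-AUTH shared key, so the key material stays in freed heap memory after the setsockopt() call. Clearing it first with `explicit_bzero(authkey, sockopt_len);` immediately before `free(authkey);` would avoid that; a plain memset() at that point may be optimised away. The `memcpy()` from `ptr` also assumes the caller passed a non-NULL buffer of at least 64 bytes, which nothing visible in this hunk verifies, so a guard such as `if (ptr == NULL) { ret = -1; break; }` ahead of the allocation would fail cleanly instead of faulting. Both points apply equally to the identical hunk in lib/libssl/src/crypto/bio/bss_dgram.c, and dgram_sctp_ctrl() starts and ends outside the hunk.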
@@ -1269,7 +1278,8 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
/* Get active key */
sockopt_len = sizeof(struct sctp_authkeyid);
- ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+ ret = getsockopt(b->num, IPPROTO_SCTP,
+ SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
if (ret < 0)
break;
@@ -1279,8 +1289,8 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
#ifdef SCTP_AUTH_DEACTIVATE_KEY
sockopt_len = sizeof(struct sctp_authkeyid);
- ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
- &authkeyid, sockopt_len);
+ ret = setsockopt(b->num, IPPROTO_SCTP,
+ SCTP_AUTH_DEACTIVATE_KEY, &authkeyid, sockopt_len);
if (ret < 0)
break;
#endif
diff --git a/lib/libssl/src/crypto/bio/bss_dgram.c b/lib/libssl/src/crypto/bio/bss_dgram.c
index caa8480657d..afce2e52900 100644
--- a/lib/libssl/src/crypto/bio/bss_dgram.c
+++ b/lib/libssl/src/crypto/bio/bss_dgram.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_dgram.c,v 1.31 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bss_dgram.c,v 1.32 2014/07/11 12:17:46 miod Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1166,7 +1166,6 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
bio_dgram_sctp_data *data = NULL;
socklen_t sockopt_len = 0;
struct sctp_authkeyid authkeyid;
- struct sctp_authkey *authkey;
data = (bio_dgram_sctp_data *)b->ptr;
@@ -1208,48 +1207,58 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, &data->in_handshake, sizeof(int));
break;
case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+ {
+ struct sctp_authkey *authkey;
+
/* New shared key for SCTP AUTH.
* Returns 0 on success, -1 otherwise.
*/
/* Get active key */
sockopt_len = sizeof(struct sctp_authkeyid);
- ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+ ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+ &authkeyid, &sockopt_len);
if (ret < 0)
break;
/* Add new key */
sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
authkey = calloc(1, sockopt_len);
+ if (authkey == NULL) {
+ ret = -1;
+ break;
+ }
authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
authkey->sca_keylength = 64;
memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
- ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
+ ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
+ sockopt_len);
free(authkey);
if (ret < 0)
break;
/* Reset active key */
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
- &authkeyid, sizeof(struct sctp_authkeyid));
+ &authkeyid, sizeof(struct sctp_authkeyid));
if (ret < 0)
break;
-
+ }
break;
case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
/* Returns 0 on success, -1 otherwise. */
/* Get active key */
sockopt_len = sizeof(struct sctp_authkeyid);
- ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+ ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+ &authkeyid, &sockopt_len);
if (ret < 0)
break;
/* Set active key */
authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
- &authkeyid, sizeof(struct sctp_authkeyid));
+ &authkeyid, sizeof(struct sctp_authkeyid));
if (ret < 0)
break;
@@ -1269,7 +1278,8 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
/* Get active key */
sockopt_len = sizeof(struct sctp_authkeyid);
- ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+ ret = getsockopt(b->num, IPPROTO_SCTP,
+ SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
if (ret < 0)
break;
@@ -1279,8 +1289,8 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
#ifdef SCTP_AUTH_DEACTIVATE_KEY
sockopt_len = sizeof(struct sctp_authkeyid);
- ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
- &authkeyid, sockopt_len);
+ ret = setsockopt(b->num, IPPROTO_SCTP,
+ SCTP_AUTH_DEACTIVATE_KEY, &authkeyid, sockopt_len);
if (ret < 0)
break;
#endif