summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorguenther <guenther@openbsd.org>2014-07-22 06:55:22 +0000
committerguenther <guenther@openbsd.org>2014-07-22 06:55:22 +0000
commit76f90a10f2aa7ddab56a029f9534a5a1cfa051b6 (patch)
tree88b93b9aab5494835285e5f58ad77ce178ed91a3
parentUse Cm instead of Li for 'MASK:' (diff)
downloadwireguard-openbsd-76f90a10f2aa7ddab56a029f9534a5a1cfa051b6.tar.xz
wireguard-openbsd-76f90a10f2aa7ddab56a029f9534a5a1cfa051b6.zip
Handle failure of NETSCAPE_SPKI_b64_encode() and don't leak memory
when BIO_new_{file,fp}() fails. inspired by a diff from logan@ ok miod@
Diffstat
-rw-r--r--lib/libssl/src/apps/spkac.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/lib/libssl/src/apps/spkac.c b/lib/libssl/src/apps/spkac.c
index 3eef33061d2..b13a83d0970 100644
--- a/lib/libssl/src/apps/spkac.c
+++ b/lib/libssl/src/apps/spkac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: spkac.c,v 1.21 2014/07/14 00:35:10 deraadt Exp $ */
+/* $OpenBSD: spkac.c,v 1.22 2014/07/22 06:55:22 guenther Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999. Based on an original idea by Massimiliano Pala
* (madwolf@openca.org).
@@ -190,21 +190,25 @@ bad:
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
+ if (spkstr == NULL) {
+ BIO_printf(bio_err, "Error encoding SPKAC\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if (outfile)
out = BIO_new_file(outfile, "w");
- else {
+ else
out = BIO_new_fp(stdout, BIO_NOCLOSE);
- }
if (!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
- goto end;
+ } else {
+ BIO_printf(out, "SPKAC=%s\n", spkstr);
+ ret = 0;
}
- BIO_printf(out, "SPKAC=%s\n", spkstr);
free(spkstr);
- ret = 0;
goto end;
}
if (infile)
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.