diff options
| author |   tedu <tedu@openbsd.org> | 2014-04-23 20:21:23 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-04-23 20:21:23 +0000 |
| commit | 3b95b7506c29f5d0c05e35452e7a339f72bf3d25 (patch) | |
| tree | 685980e3c0cfe5795923ac9fcd4c5ce2556be36d /lib/libssl/src | |
| parent | One last Dec C tentacle on alpha. (diff) | |
| download | wireguard-openbsd-3b95b7506c29f5d0c05e35452e7a339f72bf3d25.tar.xz wireguard-openbsd-3b95b7506c29f5d0c05e35452e7a339f72bf3d25.zip | |
if realloc failed, BIO_accept would leak memory and return NULL, causing
caller to crash. Fix leak and return an error instead. from Chad Loder
Diffstat (limited to 'lib/libssl/src')
| -rw-r--r-- | lib/libssl/src/crypto/bio/b_sock.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/libssl/src/crypto/bio/b_sock.c b/lib/libssl/src/crypto/bio/b_sock.c index a6dd43f397b..a7791b39e2e 100644 --- a/lib/libssl/src/crypto/bio/b_sock.c +++ b/lib/libssl/src/crypto/bio/b_sock.c @@ -449,7 +449,7 @@ BIO_accept(int sock, char **addr) int ret = -1; unsigned long l; unsigned short port; - char *p; + char *p, *tmp; struct { /* @@ -534,11 +534,19 @@ BIO_accept(int sock, char **addr) p = *addr; if (p) { *p = '\0'; - p = realloc(p, nl); + if (!(tmp = realloc(p, nl))) { + ret = -1; + free(p); + *addr = NULL; + BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); + goto end; + } + p = tmp; } else { p = malloc(nl); } if (p == NULL) { + ret = -1; BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); goto end; } @@ -553,6 +561,7 @@ BIO_accept(int sock, char **addr) port = ntohs(sa.from.sa_in.sin_port); if (*addr == NULL) { if ((p = malloc(24)) == NULL) { + ret = -1; BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); goto end; } |