if realloc failed, BIO_accept would leak memory and return NULL, causing

author tedu <tedu@openbsd.org>

Wed, 23 Apr 2014 20:21:23 +0000 (20:21 +0000)

committer tedu <tedu@openbsd.org>

Wed, 23 Apr 2014 20:21:23 +0000 (20:21 +0000)
author tedu <tedu@openbsd.org>
Wed, 23 Apr 2014 20:21:23 +0000 (20:21 +0000)
committer tedu <tedu@openbsd.org>
Wed, 23 Apr 2014 20:21:23 +0000 (20:21 +0000)
diff --git a/lib/libcrypto/bio/b_sock.c b/lib/libcrypto/bio/b_sock.c

index a6dd43f..a7791b3 100644 (file)
--- a/lib/libcrypto/bio/b_sock.c
+++ b/lib/libcrypto/bio/b_sock.c
@@ -449,7 +449,7 @@ BIO_accept(int sock, char **addr)
         int ret = -1;
         unsigned long l;
         unsigned short port;
-       char *p;
+       char *p, *tmp;
  
         struct {
                 /*
@@ -534,11 +534,19 @@ BIO_accept(int sock, char **addr)
                 p = *addr;
                 if (p) {
                         *p = '\0';
-                       p = realloc(p, nl);
+                       if (!(tmp = realloc(p, nl))) {
+                               ret = -1;
+                               free(p);
+                               *addr = NULL;
+                               BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+                               goto end;
+                       }
+                       p = tmp;
                 } else {
                         p = malloc(nl);
                 }
                 if (p == NULL) {
+                       ret = -1;
                         BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
                         goto end;
                 }
@@ -553,6 +561,7 @@ BIO_accept(int sock, char **addr)
         port = ntohs(sa.from.sa_in.sin_port);
         if (*addr == NULL) {
                 if ((p = malloc(24)) == NULL) {
+                       ret = -1;
                         BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
                         goto end;
                 }
diff --git a/lib/libssl/src/crypto/bio/b_sock.c b/lib/libssl/src/crypto/bio/b_sock.c

index a6dd43f..a7791b3 100644 (file)
--- a/lib/libssl/src/crypto/bio/b_sock.c
+++ b/lib/libssl/src/crypto/bio/b_sock.c
@@ -449,7 +449,7 @@ BIO_accept(int sock, char **addr)
         int ret = -1;
         unsigned long l;
         unsigned short port;
-       char *p;
+       char *p, *tmp;
  
         struct {
                 /*
@@ -534,11 +534,19 @@ BIO_accept(int sock, char **addr)
                 p = *addr;
                 if (p) {
                         *p = '\0';
-                       p = realloc(p, nl);
+                       if (!(tmp = realloc(p, nl))) {
+                               ret = -1;
+                               free(p);
+                               *addr = NULL;
+                               BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+                               goto end;
+                       }
+                       p = tmp;
                 } else {
                         p = malloc(nl);
                 }
                 if (p == NULL) {
+                       ret = -1;
                         BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
                         goto end;
                 }
@@ -553,6 +561,7 @@ BIO_accept(int sock, char **addr)
         port = ntohs(sa.from.sa_in.sin_port);
         if (*addr == NULL) {
                 if ((p = malloc(24)) == NULL) {
+                       ret = -1;
                         BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
                         goto end;
                 }
author	tedu <tedu@openbsd.org>
	Wed, 23 Apr 2014 20:21:23 +0000 (20:21 +0000)
committer	tedu <tedu@openbsd.org>
	Wed, 23 Apr 2014 20:21:23 +0000 (20:21 +0000)
lib/libcrypto/bio/b_sock.c		patch \| blob \| history
lib/libssl/src/crypto/bio/b_sock.c		patch \| blob \| history