diff options
author | David Benjamin <davidben@google.com> | 2017-04-03 17:43:48 -0400 |
---|---|---|
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2017-04-04 18:21:49 +0000 |
commit | 0686c09eeaed24f778fe0a86561ae7200751be13 (patch) | |
tree | 6954ce9d410fe4972430783ef14c22dc55cc4676 | |
parent | b18cb6a5d013666b6ac0f29eb8772d33efdf7749 (diff) | |
download | boringssl-0686c09eeaed24f778fe0a86561ae7200751be13.zip boringssl-0686c09eeaed24f778fe0a86561ae7200751be13.tar.gz boringssl-0686c09eeaed24f778fe0a86561ae7200751be13.tar.bz2 |
Fix CRYPTO_dup_ex_data.
On malloc error, CRYPTO_set_ex_data may fail. (See upstream's
62f488d31733e5dc77b339f905b44f165550e47d.)
It also failed to copy the reserved slots when we revised the app-data
machinery, although this is unreachable as EC_KEY is the only thing
which uses this function and EC_KEY has no reserved slots. (We probably
can/should also take CRYPTO_dup_ex_data out of there, as it's a little
bit weird...)
Change-Id: I60bbc301f919d4c0ee7fff362f979f6ec18d73b7
Reviewed-on: https://boringssl-review.googlesource.com/14604
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
-rw-r--r-- | crypto/ex_data.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 5286513..20b762e 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -239,6 +239,13 @@ int CRYPTO_dup_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, CRYPTO_EX_DATA *to, return 1; } + for (size_t i = 0; i < ex_data_class->num_reserved; i++) { + void *ptr = CRYPTO_get_ex_data(from, i); + if (!CRYPTO_set_ex_data(to, i, ptr)) { + return 0; + } + } + STACK_OF(CRYPTO_EX_DATA_FUNCS) *func_pointers; if (!get_func_pointers(&func_pointers, ex_data_class)) { return 0; @@ -252,7 +259,10 @@ int CRYPTO_dup_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, CRYPTO_EX_DATA *to, func_pointer->dup_func(to, from, &ptr, i + ex_data_class->num_reserved, func_pointer->argl, func_pointer->argp); } - CRYPTO_set_ex_data(to, i + ex_data_class->num_reserved, ptr); + if (!CRYPTO_set_ex_data(to, i + ex_data_class->num_reserved, ptr)) { + sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); + return 0; + } } sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); |