Fix error checking in PKINIT authdata creation

In create_identifiers_from_stack: check for allocation errors from PKCS7_ISSUER_AND_SERIAL_new and M_ASN1_INTEGER_dup. Use PKCS7_ISSUER_AND_SERIAL_free to more concisely clean up the OpenSSL issuer variable, and make sure that any partially processed value is cleaned up on error. Use calloc to allocate krb5_cas so that all of its pointers are initially nulled, so that free_krb5_external_principal_identifier can operate on it safely in case of error. Eliminate the retval variable as it was not used safely. Rename the error label from "cleanup" to "oom" and separate it from the successful return path (which has nothing to clean up). (back ported from commit 09246e64e20f079bef6163e9e1d0ecda7917b8c2) (cherry picked from commit 62c9e504261a07b8da297854c9fc9549acecc7d3) ticket: 8106 (new) version_fixed: 1.11.6 status: resolved
author: Greg Hudson <ghudson@mit.edu> 2014-06-14 11:23:08 -0400
committer: Tom Yu <tlyu@mit.edu> 2015-02-06 17:51:18 -0500
commit: 384120086cb68e1588176a2056425c912c169575 (patch)
tree: e1791909ca2b3b07fde60708cd255f676cc4a086
parent: 7f5e091247e242bcc3085bcffbcab6023899c59e (diff)
download: krb5-384120086cb68e1588176a2056425c912c169575.zip
krb5-384120086cb68e1588176a2056425c912c169575.tar.gz
krb5-384120086cb68e1588176a2056425c912c169575.tar.bz2
1 files changed, 24 insertions, 27 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 9ed3781..680eb48 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -5506,7 +5506,6 @@ static krb5_error_code
 create_identifiers_from_stack(STACK_OF(X509) *sk,
                               krb5_external_principal_identifier *** ids)
 {
-    krb5_error_code retval = ENOMEM;
     int i = 0, sk_size = sk_X509_num(sk);
     krb5_external_principal_identifier **krb5_cas = NULL;
     X509 *x = NULL;
@@ -5518,11 +5517,9 @@ create_identifiers_from_stack(STACK_OF(X509) *sk,
 
     *ids = NULL;
 
-    krb5_cas =
-        malloc((sk_size + 1) * sizeof(krb5_external_principal_identifier *));
+    krb5_cas = calloc(sk_size + 1, sizeof(*krb5_cas));
     if (krb5_cas == NULL)
         return ENOMEM;
-    krb5_cas[sk_size] = NULL;
 
     for (i = 0; i < sk_size; i++) {
         krb5_cas[i] = malloc(sizeof(krb5_external_principal_identifier));
@@ -5540,7 +5537,7 @@ create_identifiers_from_stack(STACK_OF(X509) *sk,
         xn = X509_get_subject_name(x);
         len = i2d_X509_NAME(xn, NULL);
         if ((p = malloc((size_t) len)) == NULL)
-            goto cleanup;
+            goto oom;
         krb5_cas[i]->subjectName.data = (char *)p;
         i2d_X509_NAME(xn, &p);
         krb5_cas[i]->subjectName.length = len;
@@ -5554,12 +5551,17 @@ create_identifiers_from_stack(STACK_OF(X509) *sk,
         if (longhorn == 0) { /* XXX Longhorn doesn't like this */
 #endif
             is = PKCS7_ISSUER_AND_SERIAL_new();
+            if (is == NULL)
+                goto oom;
             X509_NAME_set(&is->issuer, X509_get_issuer_name(x));
             M_ASN1_INTEGER_free(is->serial);
             is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(x));
+            if (is->serial == NULL)
+                goto oom;
             len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
-            if ((p = malloc((size_t) len)) == NULL)
-                goto cleanup;
+            p = malloc(len);
+            if (p == NULL)
+                goto oom;
             krb5_cas[i]->issuerAndSerialNumber.data = (char *)p;
             i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
             krb5_cas[i]->issuerAndSerialNumber.length = len;
@@ -5577,40 +5579,35 @@ create_identifiers_from_stack(STACK_OF(X509) *sk,
         if (longhorn == 0) {    /* XXX Longhorn doesn't like this */
 #endif
             if (X509_get_ext_by_NID(x, NID_subject_key_identifier, -1) >= 0) {
-                ASN1_OCTET_STRING *ikeyid = NULL;
+                ASN1_OCTET_STRING *ikeyid;
 
-                if ((ikeyid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL,
-                                               NULL))) {
+                ikeyid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL,
+                                          NULL);
+                if (ikeyid != NULL) {
                     len = i2d_ASN1_OCTET_STRING(ikeyid, NULL);
-                    if ((p = malloc((size_t) len)) == NULL)
-                        goto cleanup;
+                    p = malloc(len);
+                    if (p == NULL)
+                        goto oom;
                     krb5_cas[i]->subjectKeyIdentifier.data = (char *)p;
                     i2d_ASN1_OCTET_STRING(ikeyid, &p);
                     krb5_cas[i]->subjectKeyIdentifier.length = len;
-                }
-                if (ikeyid != NULL)
                     ASN1_OCTET_STRING_free(ikeyid);
+                }
             }
 #ifdef LONGHORN_BETA_COMPAT
         }
 #endif
-        if (is != NULL) {
-            if (is->issuer != NULL)
-                X509_NAME_free(is->issuer);
-            if (is->serial != NULL)
-                ASN1_INTEGER_free(is->serial);
-            free(is);
-        }
+        PKCS7_ISSUER_AND_SERIAL_free(is);
+        is = NULL;
     }
 
     *ids = krb5_cas;
+    return 0;
 
-    retval = 0;
-cleanup:
-    if (retval)
-        free_krb5_external_principal_identifier(&krb5_cas);
-
-    return retval;
+oom:
+    free_krb5_external_principal_identifier(&krb5_cas);
+    PKCS7_ISSUER_AND_SERIAL_free(is);
+    return ENOMEM;
 }
 
 static krb5_error_code
author	Greg Hudson <ghudson@mit.edu>	2014-06-14 11:23:08 -0400
committer	Tom Yu <tlyu@mit.edu>	2015-02-06 17:51:18 -0500
commit	384120086cb68e1588176a2056425c912c169575 (patch)
tree	e1791909ca2b3b07fde60708cd255f676cc4a086
parent	7f5e091247e242bcc3085bcffbcab6023899c59e (diff)
download	krb5-384120086cb68e1588176a2056425c912c169575.zip krb5-384120086cb68e1588176a2056425c912c169575.tar.gz krb5-384120086cb68e1588176a2056425c912c169575.tar.bz2