diff options
author | Nick Mathewson <nickm@torproject.org> | 2017-08-09 09:24:16 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-08-09 09:24:16 -0400 |
commit | 418f3d6298beb27e050618e2f59e01d6d3b2f45b (patch) | |
tree | 97ac6a038194559561a34d245fbd74584cb5f9c6 /src/common/tortls.c | |
parent | 9696021593d28a7ae3b6a88ac57ff31234b469f5 (diff) | |
download | tor-418f3d6298beb27e050618e2f59e01d6d3b2f45b.tar.gz tor-418f3d6298beb27e050618e2f59e01d6d3b2f45b.zip |
Make sure we always wind up checking i2d_*'s output.
The biggest offender here was sometimes not checking the output of
crypto_pk_get_digest.
Fixes bug 19418. Reported by Guido Vranken.
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r-- | src/common/tortls.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index d61cc2e58a..bd41e0b7f1 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -648,12 +648,7 @@ MOCK_IMPL(STATIC tor_x509_cert_t *, length = i2d_X509(x509_cert, &buf); cert = tor_malloc_zero(sizeof(tor_x509_cert_t)); if (length <= 0 || buf == NULL) { - /* LCOV_EXCL_START for the same reason as the exclusion above */ - tor_free(cert); - log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate"); - X509_free(x509_cert); - return NULL; - /* LCOV_EXCL_STOP */ + goto err; } cert->encoded_len = (size_t) length; cert->encoded = tor_malloc(length); @@ -668,13 +663,25 @@ MOCK_IMPL(STATIC tor_x509_cert_t *, if ((pkey = X509_get_pubkey(x509_cert)) && (rsa = EVP_PKEY_get1_RSA(pkey))) { crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa); - crypto_pk_get_common_digests(pk, &cert->pkey_digests); + if (crypto_pk_get_common_digests(pk, &cert->pkey_digests) < 0) { + crypto_pk_free(pk); + EVP_PKEY_free(pkey); + goto err; + } + cert->pkey_digests_set = 1; crypto_pk_free(pk); EVP_PKEY_free(pkey); } return cert; + err: + /* LCOV_EXCL_START for the same reason as the exclusion above */ + tor_free(cert); + log_err(LD_CRYPTO, "Couldn't wrap encoded X509 certificate."); + X509_free(x509_cert); + return NULL; + /* LCOV_EXCL_STOP */ } /** Return a new copy of <b>cert</b>. */ |