summaryrefslogtreecommitdiff
path: root/src/common/tortls.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2017-08-09 09:24:16 -0400
committerNick Mathewson <nickm@torproject.org>2017-08-09 09:24:16 -0400
commit418f3d6298beb27e050618e2f59e01d6d3b2f45b (patch)
tree97ac6a038194559561a34d245fbd74584cb5f9c6 /src/common/tortls.c
parent9696021593d28a7ae3b6a88ac57ff31234b469f5 (diff)
downloadtor-418f3d6298beb27e050618e2f59e01d6d3b2f45b.tar.gz
tor-418f3d6298beb27e050618e2f59e01d6d3b2f45b.zip
Make sure we always wind up checking i2d_*'s output.
The biggest offender here was sometimes not checking the output of crypto_pk_get_digest. Fixes bug 19418. Reported by Guido Vranken.
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r--src/common/tortls.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index d61cc2e58a..bd41e0b7f1 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -648,12 +648,7 @@ MOCK_IMPL(STATIC tor_x509_cert_t *,
length = i2d_X509(x509_cert, &buf);
cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
if (length <= 0 || buf == NULL) {
- /* LCOV_EXCL_START for the same reason as the exclusion above */
- tor_free(cert);
- log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
- X509_free(x509_cert);
- return NULL;
- /* LCOV_EXCL_STOP */
+ goto err;
}
cert->encoded_len = (size_t) length;
cert->encoded = tor_malloc(length);
@@ -668,13 +663,25 @@ MOCK_IMPL(STATIC tor_x509_cert_t *,
if ((pkey = X509_get_pubkey(x509_cert)) &&
(rsa = EVP_PKEY_get1_RSA(pkey))) {
crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa);
- crypto_pk_get_common_digests(pk, &cert->pkey_digests);
+ if (crypto_pk_get_common_digests(pk, &cert->pkey_digests) < 0) {
+ crypto_pk_free(pk);
+ EVP_PKEY_free(pkey);
+ goto err;
+ }
+
cert->pkey_digests_set = 1;
crypto_pk_free(pk);
EVP_PKEY_free(pkey);
}
return cert;
+ err:
+ /* LCOV_EXCL_START for the same reason as the exclusion above */
+ tor_free(cert);
+ log_err(LD_CRYPTO, "Couldn't wrap encoded X509 certificate.");
+ X509_free(x509_cert);
+ return NULL;
+ /* LCOV_EXCL_STOP */
}
/** Return a new copy of <b>cert</b>. */