author | Dirkjan Bussink <d.bussink@gmail.com> | 2020-12-10 14:01:32 +0000 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2020-12-11 13:32:02 +0100 |
commit | daeee74edd8ac25c1d246d40333e78518574eded (patch) | |
tree | e6646a06bcc8e4338d3a094bcd5af034fe8a0c1f /src/pki_crypto.c | |
parent | f6a2f6190c2aa047d901547720ae6d1729e1e2c0 (diff) | |
Add safety checks for all ssh_string_fill calls
These calls can fail and the return code should always be checked. These
issues were identified when code review called it out on new code. The
updates here are to existing code with no behavior changes to make
review simpler.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_crypto.c')
-rw-r--r-- | src/pki_crypto.c | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 08409209..3c3e0a40 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -840,7 +840,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
 goto err;
 }
- ssh_string_fill(blob, buf->data, buf->length);
+ rc = ssh_string_fill(blob, buf->data, buf->length);
+ if (rc < 0) {
+ goto err;
+ }
+
 BIO_free(mem);
 return blob;
@@ -1411,6 +1415,7 @@ static ssh_string pki_dsa_signature_to_blob(const ssh_signature sig)
 const unsigned char *raw_sig_data = NULL;
 size_t raw_sig_len;
+ int rc;
 DSA_SIG *dsa_sig;
@@ -1467,7 +1472,11 @@ static ssh_string pki_dsa_signature_to_blob(const ssh_signature sig)
 return NULL;
 }
- ssh_string_fill(sig_blob, buffer, 40);
+ rc = ssh_string_fill(sig_blob, buffer, 40);
+ if (rc < 0) {
+ SSH_STRING_FREE(sig_blob);
+ return NULL;
+ }
 return sig_blob;
@@ -1544,7 +1553,10 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
 goto error;
 }
- ssh_string_fill(sig_blob, ssh_buffer_get(buf), ssh_buffer_get_len(buf));
+ rc = ssh_string_fill(sig_blob, ssh_buffer_get(buf), ssh_buffer_get_len(buf));
+ if (rc < 0) {
+ goto error;
+ }
 SSH_STRING_FREE(r);
 SSH_STRING_FREE(s);
@@ -1554,6 +1566,7 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
 return sig_blob;
 error:
+ SSH_STRING_FREE(sig_blob);
 SSH_STRING_FREE(r);
 SSH_STRING_FREE(s);
 ECDSA_SIG_free(ecdsa_sig);
@@ -1698,7 +1711,11 @@ static int pki_signature_from_dsa_blob(UNUSED_PARAM(const ssh_key pubkey),
 if (r == NULL) {
 goto error;
 }
- ssh_string_fill(r, ssh_string_data(sig_blob), 20);
+ rc = ssh_string_fill(r, ssh_string_data(sig_blob), 20);
+ if (rc < 0) {
+ SSH_STRING_FREE(r);
+ goto error;
+ }
 pr = ssh_make_string_bn(r);
 ssh_string_burn(r);
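Review bot: In pki_private_key_to_pem the new `goto err;` after a failed ssh_string_fill() leaves `blob` allocated unless the `err` label releases it, and that label lies outside this hunk. The other hunks in this commit free the string explicitly on the same failure (`SSH_STRING_FREE(sig_blob);` before `return NULL;`, and under `error:` in pki_ecdsa_signature_to_blob), so this path should match them. Adding `SSH_STRING_FREE(blob);` just before the `goto err;` is enough, and it stays safe even if the err block later gains its own free.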
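Review bot: The literal `40` in `rc = ssh_string_fill(sig_blob, buffer, 40);` in pki_dsa_signature_to_blob has to agree with the size of `buffer` and with the length sig_blob was allocated with, and both are set outside this hunk. The return-code check added here does not protect the source side, since ssh_string_fill() can only compare the length with the destination string. If `buffer` is a fixed array, `sizeof(buffer)` or one named constant for the r||s length would keep the allocation, the buffer and the fill in step.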
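Review bot: The `SSH_STRING_FREE(sig_blob);` added under `error:` in pki_ecdsa_signature_to_blob runs on every jump to that label, including the ones taken before sig_blob is allocated, so it is only safe if the declaration initialises the pointer (`ssh_string sig_blob = NULL;`). The declaration is outside the hunks shown and should be confirmed, because an uninitialised pointer would be handed to the free on the early failure paths. The new `goto error;` after ssh_string_fill() in the preceding hunk depends on this same cleanup.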
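Review bot: The fills in pki_signature_from_dsa_blob read 20 bytes at offset 0 and 20 bytes at offset 20 of `sig_blob`, and the new return-code checks do not cover the source side, because ssh_string_fill() can compare the length only with the destination string. sig_blob is signature data that presumably comes from the remote side, so the function needs a guard such as `if (ssh_string_len(sig_blob) != 40) goto error;` before the first fill. If one exists, it sits above this hunk and is not visible here. The same applies to the fill of `s` in the following hunk. A comment at the first fill would make the dependency explicit, e.g. `/* sig_blob length checked == 40 above: r = bytes 0..19, s = bytes 20..39 */`.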
@@ -1711,7 +1728,11 @@ static int pki_signature_from_dsa_blob(UNUSED_PARAM(const ssh_key pubkey),
 if (s == NULL) {
 goto error;
 }
- ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20);
+ rc = ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20);
+ if (rc < 0) {
+ SSH_STRING_FREE(s);
+ goto error;
+ }
 ps = ssh_make_string_bn(s);
 ssh_string_burn(s); |