1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
From 0a91d1f62d5b6e1cac4d0a7c2ac9f75faad50534 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Fri, 9 Apr 2021 13:34:12 -0400
Subject: [PATCH] Avoid double frees if EVP_PKEY_assign_RSA fails
Previously, the bignums would be left as dangling and double-freed.
---
rpmio/digest_openssl.c | 32 +++++++++++++++++---------------
1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
index 20c272d..02f34a9 100644
--- a/rpmio/digest_openssl.c
+++ b/rpmio/digest_openssl.c
@@ -292,8 +292,8 @@ struct pgpDigKeyRSA_s {
BIGNUM *n; /* Common Modulus */
BIGNUM *e; /* Public Exponent */
-
EVP_PKEY *evp_pkey; /* Fully constructed key */
+ unsigned char immutable; /* if set, this key cannot be mutated */
};
static int constructRSASigningKey(struct pgpDigKeyRSA_s *key)
@@ -301,33 +301,34 @@ static int constructRSASigningKey(struct pgpDigKeyRSA_s *key)
if (key->evp_pkey) {
/* We've already constructed it, so just reuse it */
return 1;
- }
+ } else if (key->immutable)
+ return 0;
+ key->immutable = 1;
/* Create the RSA key */
RSA *rsa = RSA_new();
if (!rsa) return 0;
- if (!RSA_set0_key(rsa, key->n, key->e, NULL)) {
- RSA_free(rsa);
- return 0;
- }
+ if (RSA_set0_key(rsa, key->n, key->e, NULL) <= 0)
+ goto exit;
+ key->n = key->e = NULL;
/* Create an EVP_PKEY container to abstract the key-type. */
- key->evp_pkey = EVP_PKEY_new();
- if (!key->evp_pkey) {
- RSA_free(rsa);
- return 0;
- }
+ if (!(key->evp_pkey = EVP_PKEY_new()))
+ goto exit;
/* Assign the RSA key to the EVP_PKEY structure.
This will take over memory management of the RSA key */
if (!EVP_PKEY_assign_RSA(key->evp_pkey, rsa)) {
EVP_PKEY_free(key->evp_pkey);
key->evp_pkey = NULL;
- RSA_free(rsa);
+ goto exit;
}
return 1;
+exit:
+ RSA_free(rsa);
+ return 0;
}
static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
@@ -335,9 +336,10 @@ static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
size_t mlen = pgpMpiLen(p) - 2;
struct pgpDigKeyRSA_s *key = pgpkey->data;
- if (!key) {
+ if (!key)
key = pgpkey->data = xcalloc(1, sizeof(*key));
- }
+ else if (key->immutable)
+ return 1;
switch (num) {
case 0:
@@ -347,7 +349,7 @@ static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
return 1;
}
- key->nbytes = mlen;
+ key->nbytes = mlen;
/* Create a BIGNUM from the pointer.
Note: this assumes big-endian data as required by PGP */
key->n = BN_bin2bn(p+2, mlen, NULL);
--
1.8.3.1
|
