Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11986)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-06-03 07:49:27 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-06-16 18:51:39 +0200
commit: c0fff24e0dc168a0dff4209d120733e6684e0767 (patch)
tree: 7e7493108e0f1a344bdae7509cc94931f0928e7c
parent: CMS_get0_signers() description (diff)
download: openssl-c0fff24e0dc168a0dff4209d120733e6684e0767.tar.xz
openssl-c0fff24e0dc168a0dff4209d120733e6684e0767.zip
1 files changed, 18 insertions, 7 deletions
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 31a5b58b7d..6cff2a99ac 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -438,12 +438,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_C_SET_CONNECT:
         if (ptr != NULL) {
             b->init = 1;
-            if (num == 0) {
+            if (num == 0) { /* BIO_set_conn_hostname */
                 char *hold_service = data->param_service;
                 /* We affect the hostname regardless.  However, the input
                  * string might contain a host:service spec, so we must
                  * parse it, which might or might not affect the service
                  */
+
                 OPENSSL_free(data->param_hostname);
                 data->param_hostname = NULL;
                 ret = BIO_parse_hostserv(ptr,
@@ -452,19 +453,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
                                          BIO_PARSE_PRIO_HOST);
                 if (hold_service != data->param_service)
                     OPENSSL_free(hold_service);
-            } else if (num == 1) {
+            } else if (num == 1) { /* BIO_set_conn_port */
                 OPENSSL_free(data->param_service);
-                data->param_service = OPENSSL_strdup(ptr);
-            } else if (num == 2) {
+                if ((data->param_service = OPENSSL_strdup(ptr)) == NULL)
+                    ret = 0;
+            } else if (num == 2) { /* BIO_set_conn_address */
                 const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
+                char *host = BIO_ADDR_hostname_string(addr, 1);
+                char *service = BIO_ADDR_service_string(addr, 1);
+
+                ret = host != NULL && service != NULL;
                 if (ret) {
-                    data->param_hostname = BIO_ADDR_hostname_string(addr, 1);
-                    data->param_service = BIO_ADDR_service_string(addr, 1);
+                    OPENSSL_free(data->param_hostname);
+                    data->param_hostname = host;
+                    OPENSSL_free(data->param_service);
+                    data->param_service = service;
                     BIO_ADDRINFO_free(data->addr_first);
                     data->addr_first = NULL;
                     data->addr_iter = NULL;
+                } else {
+                    OPENSSL_free(host);
+                    OPENSSL_free(service);
                 }
-            } else if (num == 3) {
+            } else if (num == 3) { /* BIO_set_conn_ip_family */
                 data->connect_family = *(int *)ptr;
             } else {
                 ret = 0;
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-06-03 07:49:27 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-06-16 18:51:39 +0200
commit	c0fff24e0dc168a0dff4209d120733e6684e0767 (patch)
tree	7e7493108e0f1a344bdae7509cc94931f0928e7c
parent	CMS_get0_signers() description (diff)
download	openssl-c0fff24e0dc168a0dff4209d120733e6684e0767.tar.xz openssl-c0fff24e0dc168a0dff4209d120733e6684e0767.zip