From ba0b60c632ae9c5590b59184281baaf0a39f0c24 Mon Sep 17 00:00:00 2001 From: Jiasheng Jiang Date: Wed, 16 Feb 2022 11:27:23 +0800 Subject: apps/s_server: Add missing check for BIO_new As the potential failure of the BIO_new(), it should be better to check the return value and return error if fails in order to avoid the dereference of NULL pointer. And because 'bio_s_msg' is checked before being used everytime, which has no need to add the check. But 'bio_s_out' is not. And since the check 'if (bio_s_out == NULL)' is redundant, it can be removed to make the code succincter. Also the 'sbio' and so forth should be checked like the other places in the same file. Signed-off-by: Jiasheng Jiang Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17710) --- apps/s_server.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 50 insertions(+), 4 deletions(-) (limited to 'apps') diff --git a/apps/s_server.c b/apps/s_server.c index 3646dd1dbd..45c112345f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1817,10 +1817,13 @@ int s_server_main(int argc, char *argv[]) if (s_msg && bio_s_msg == NULL) bio_s_msg = dup_bio_out(FORMAT_TEXT); } else { - if (bio_s_out == NULL) - bio_s_out = dup_bio_out(FORMAT_TEXT); + bio_s_out = dup_bio_out(FORMAT_TEXT); } } + + if (bio_s_out == NULL) + goto end; + if (nocert) { s_cert_file = NULL; s_key_file = NULL; @@ -2362,6 +2365,11 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) else # endif sbio = BIO_new_dgram(s, BIO_NOCLOSE); + if (sbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + ERR_print_errors(bio_err); + goto err; + } if (enable_timeouts) { timeout.tv_sec = 0; @@ -2411,6 +2419,13 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) BIO *test; test = BIO_new(BIO_f_nbio_test()); + if (test == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + ret = -1; + BIO_free(sbio); + goto err; + } + sbio = BIO_push(test, sbio); } @@ -2997,6 +3012,9 @@ static int www_body(int s, int stype, int prot, unsigned char *context) int width; fd_set readfds; const char *opmode; +#ifdef CHARSET_EBCDIC + BIO *filter; +#endif /* Set width for a select call if needed */ width = s + 1; @@ -3036,10 +3054,21 @@ static int www_body(int s, int stype, int prot, unsigned char *context) } sbio = BIO_new_socket(s, BIO_NOCLOSE); + if (sbio == NULL) { + SSL_free(con); + goto err; + } + if (s_nbio_test) { BIO *test; test = BIO_new(BIO_f_nbio_test()); + if (test == NULL) { + SSL_free(con); + BIO_free(sbio); + goto err; + } + sbio = BIO_push(test, sbio); } SSL_set_bio(con, sbio, sbio); @@ -3050,7 +3079,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) BIO_push(io, ssl_bio); ssl_bio = NULL; #ifdef CHARSET_EBCDIC - io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io); + filter = BIO_new(BIO_f_ebcdic_filter()); + if (filter == NULL) + goto err; + + io = BIO_push(filter, io); #endif if (s_debug) { @@ -3414,6 +3447,9 @@ static int rev_body(int s, int stype, int prot, unsigned char *context) int ret = 1; SSL *con; BIO *io, *ssl_bio, *sbio; +#ifdef CHARSET_EBCDIC + BIO *filter; +#endif /* as we use BIO_gets(), and it always null terminates data, we need * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ @@ -3443,6 +3479,12 @@ static int rev_body(int s, int stype, int prot, unsigned char *context) } sbio = BIO_new_socket(s, BIO_NOCLOSE); + if (sbio == NULL) { + SSL_free(con); + ERR_print_errors(bio_err); + goto err; + } + SSL_set_bio(con, sbio, sbio); SSL_set_accept_state(con); @@ -3451,7 +3493,11 @@ static int rev_body(int s, int stype, int prot, unsigned char *context) BIO_push(io, ssl_bio); ssl_bio = NULL; #ifdef CHARSET_EBCDIC - io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io); + filter = BIO_new(BIO_f_ebcdic_filter()); + if (filter == NULL) + goto err; + + io = BIO_push(filter, io); #endif if (s_debug) { -- cgit v1.2.3