Various bugfixes: Uses locking for some more of the stuff that is not

thread-safe (where thread-safe counterparts are not available on all
platforms), and don't memcpy to NULL-pointers
Submitted by: Anonymous
Reviewed by: Bodo Moeller

Also, clean up htons vs. ntohs confusions.

crypto/bio/b_sock.c

@@ -150,7 +150,11 @@ int BIO_get_port(const char *str, unsigned short *port_ptr)
 		*port_ptr=(unsigned short)i;
 	else
 		{
+		CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
  		s=getservbyname(str,"tcp");
+		if(s != NULL)
+			*port_ptr=ntohs((unsigned short)s->s_port);
+		CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
 		if(s == NULL)
 			{
 			if (strcmp(str,"http") == 0)
@@ -177,9 +181,7 @@ int BIO_get_port(const char *str, unsigned short *port_ptr)
 				ERR_add_error_data(3,"service='",str,"'");
 				return(0);
 				}
-			return(1);
 			}
-		*port_ptr=htons((unsigned short)s->s_port);
 		}
 	return(1);
 	}
@@ -253,16 +255,18 @@ static struct hostent *ghbn_dup(struct hostent *a)
 	for (i=0; a->h_aliases[i] != NULL; i++)
 		;
 	i++;
-	ret->h_aliases=(char **)Malloc(sizeof(char *)*i);
+	ret->h_aliases = (char **)Malloc(i*sizeof(char *));
-	memset(ret->h_aliases,0,sizeof(char *)*i);
+	if (ret->h_aliases == NULL)
-	if (ret == NULL) goto err;
+		goto err;
+	memset(ret->h_aliases, 0, i*sizeof(char *));
 
 	for (i=0; a->h_addr_list[i] != NULL; i++)
 		;
 	i++;
-	ret->h_addr_list=(char **)Malloc(sizeof(char *)*i);
+	ret->h_addr_list=(char **)Malloc(i*sizeof(char *));
-	memset(ret->h_addr_list,0,sizeof(char *)*i);
+	if (ret->h_addr_list == NULL)
-	if (ret->h_addr_list == NULL) goto err;
+		goto err;
+	memset(ret->h_addr_list, 0, i*sizeof(char *));
 
 	j=strlen(a->h_name)+1;
 	if ((ret->h_name=Malloc(j)) == NULL) goto err;
@@ -323,7 +327,7 @@ struct hostent *BIO_gethostbyname(const char *name)
 
 /*	return(gethostbyname(name)); */
 
-	CRYPTO_w_lock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
 	j=strlen(name);
 	if (j < 128)
 		{
@@ -349,15 +353,25 @@ struct hostent *BIO_gethostbyname(const char *name)
 		BIO_ghbn_miss++;
 		ret=gethostbyname(name);
 
-		if (ret == NULL) return(NULL);
+		if (ret == NULL)
-		if (j > 128) return(ret); /* too big to cache */
+			goto end;
+		if (j > 128) /* too big to cache */
+			{
+			ret = NULL;
+			goto end;
+			}
 
 		/* else add to cache */
 		if (ghbn_cache[lowi].ent != NULL)
 			ghbn_free(ghbn_cache[lowi].ent);
+		ghbn_cache[lowi].name[0] = '\0';
 
+		if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
+			{
+			BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
+			goto end;
+			}
 		strncpy(ghbn_cache[lowi].name,name,128);
-		ghbn_cache[lowi].ent=ghbn_dup(ret);
 		ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
 	else
@@ -366,7 +380,8 @@ struct hostent *BIO_gethostbyname(const char *name)
 		ret= ghbn_cache[i].ent;
 		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+end:
+	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
 	return(ret);
 	}
 

crypto/bio/bio.h

@@ -546,6 +546,7 @@ int BIO_printf(BIO *bio, ...);
 #define BIO_F_BIO_ACCEPT				 101
 #define BIO_F_BIO_BER_GET_HEADER			 102
 #define BIO_F_BIO_CTRL					 103
+#define BIO_F_BIO_GETHOSTBYNAME				 120
 #define BIO_F_BIO_GETS					 104
 #define BIO_F_BIO_GET_ACCEPT_SOCKET			 105
 #define BIO_F_BIO_GET_HOST_IP				 106

crypto/bio/bio_err.c

@@ -69,6 +69,7 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_BIO_ACCEPT,0),	"BIO_accept"},
 {ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0),	"BIO_BER_GET_HEADER"},
 {ERR_PACK(0,BIO_F_BIO_CTRL,0),	"BIO_ctrl"},
+{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0),	"BIO_gethostbyname"},
 {ERR_PACK(0,BIO_F_BIO_GETS,0),	"BIO_gets"},
 {ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0),	"BIO_get_accept_socket"},
 {ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0),	"BIO_get_host_ip"},

crypto/cryptlib.c

@@ -89,10 +89,12 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"rand",
 	"debug_malloc",
 	"BIO",
-	"bio_gethostbyname",
+	"gethostbyname",
+	"getservbyname",
+	"readdir",
 	"RSA_blinding",
-#if CRYPTO_NUM_LOCKS != 22
+#if CRYPTO_NUM_LOCKS != 24
-# error "Inconsistency between crypto.h and cryptlic.c"
+# error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};
 

crypto/crypto.h

@@ -103,9 +103,11 @@ extern "C" {
 #define	CRYPTO_LOCK_RAND		17
 #define	CRYPTO_LOCK_MALLOC		18
 #define	CRYPTO_LOCK_BIO			19
-#define	CRYPTO_LOCK_BIO_GETHOSTBYNAME	20
+#define	CRYPTO_LOCK_GETHOSTBYNAME	20
-#define	CRYPTO_LOCK_RSA_BLINDING	21
+#define	CRYPTO_LOCK_GETSERVBYNAME	21
-#define	CRYPTO_NUM_LOCKS		22
+#define	CRYPTO_LOCK_READDIR		22
+#define	CRYPTO_LOCK_RSA_BLINDING	23
+#define	CRYPTO_NUM_LOCKS		24
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2

ssl/ssl_cert.c

@@ -673,14 +673,18 @@ err:
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 				       const char *dir)
     {
-    DIR *d=opendir(dir);
+    DIR *d;
     struct dirent *dstruct;
+    int ret = 0;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+    d = opendir(dir);
 
     /* Note that a side effect is that the CAs will be sorted by name */
     if(!d)
 	{
 	SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
-	return 0;
+	goto err;
 	}
 
     while((dstruct=readdir(d)))
@@ -690,15 +694,18 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 	if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
 	    {
 	    SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-	    return 0;
+	    goto err;
 	    }
 	
 	sprintf(buf,"%s/%s",dir,dstruct->d_name);
 	if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-	    return 0;
+	    goto err;
 	}
+    ret = 1;
 
-    return 1;
+err:	
+    CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+    return ret;
     }
 
 #endif