Add some missing return value checks

Some misc return value checks Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-10 16:51:39 +01:00 · 2016-06-10 16:51:39 +01:00 · d356dc5619
commit d356dc5619
parent c887104f4a
5 changed files with 19 additions and 11 deletions
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@ -340,7 +340,8 @@ int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx)
    if ((offset_count = BN_CTX_get(ctx)) == NULL)
        goto err;

-    BN_add_word(offset_count, prime_offset_count);
+    if (!BN_add_word(offset_count, prime_offset_count))
+        goto err;

 loop:
    if (!BN_rand(rnd, bits - prime_multiplier_bits, 0, 1))
@ -350,8 +351,9 @@ int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx)
    if (!BN_rand_range(offset_index, offset_count))
        goto err;

-    BN_mul_word(rnd, prime_multiplier);
-    BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]);
+    if (!BN_mul_word(rnd, prime_multiplier)
+        || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]))
+        goto err;

    /* we now have a random number 'rand' to test. */

--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@ -241,8 +241,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
        l += *a - '0';
        a++;
        if (++j == BN_DEC_NUM) {
-            BN_mul_word(ret, BN_DEC_CONV);
-            BN_add_word(ret, l);
+            if (!BN_mul_word(ret, BN_DEC_CONV)
+                || !BN_add_word(ret, l))
+                goto err;
            l = 0;
            j = 0;
        }
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@ -130,16 +130,17 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        OPENSSL_assert(l <= sizeof(iv));
        i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
        if (i != (int)l)
-            return (-1);
+            return -1;
        key_bits = rc2_magic_to_meth((int)num);
        if (!key_bits)
-            return (-1);
+            return -1;
        if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
            return -1;
        EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-        EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
+        if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+            return -1;
    }
-    return (i);
+    return i;
 }

 static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@ -775,7 +775,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
            goto err;
        if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
            goto err;
-        ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+        if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
+            goto err;
    }

    if (!PKCS7_is_detached(p7)) {
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@ -415,7 +415,10 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
        SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE);
        return 0;
    }
-    EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst);
+    if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
+        SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }

    ret = EVP_MD_CTX_size(ctx);
    if (ret < 0) {