'[TrouSerS-tech] [tpm-tools PATCH] Verify allocation of cipher context and free after use'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       trousers-tech
Subject:    [TrouSerS-tech] [tpm-tools PATCH] Verify allocation of cipher context and free after use
From:       Jerry Snitselaar <jsnitsel () redhat ! com>
Date:       2017-05-04 17:35:51
Message-ID: 20170504173551.19315-1-jsnitsel () redhat ! com
[Download RAW message or body]

Check that context was actually allocated by EVP_CIPHER_CTX_new,
and call EVP_CIPHER_CTX_free when done using context.

Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
---
 lib/tpm_unseal.c        | 7 +++++++
 src/cmds/tpm_sealdata.c | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
index 4aadf21..ca32bd1 100644
--- a/lib/tpm_unseal.c
+++ b/lib/tpm_unseal.c
@@ -409,12 +409,18 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
 
 	/* Decode and decrypt the encrypted data */
 	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+	if (!ctx) {
+		tpm_errno = ENOMEM;
+		rc = TPMSEAL_STD_ERROR;
+		goto tss_out;
+	}
 	EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV);
 
 	/* Create a base64 BIO to decode the encrypted data */
 	if ((b64 = BIO_new(BIO_f_base64())) == NULL) {
 		tpm_errno = EAGAIN;
 		rc = TPMSEAL_STD_ERROR;
+		EVP_CIPHER_CTX_free(ctx);
 		goto tss_out;
 	}
 
@@ -425,6 +431,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
 		res_size += rcLen;
 	}
 	EVP_DecryptFinal(ctx, res_data+res_size, &rcLen);
+	EVP_CIPHER_CTX_free(ctx);
 	res_size += rcLen;
 	bmem = BIO_pop(b64);
 	BIO_free(b64);
diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
index 88f63ca..dda7320 100644
--- a/src/cmds/tpm_sealdata.c
+++ b/src/cmds/tpm_sealdata.c
@@ -344,6 +344,10 @@ int main(int argc, char **argv)
 	bdata = BIO_push(b64, bdata);
 
 	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+	if (!ctx) {
+		logError(_("Unable to allocate cipher context\n"));
+		goto out_close;
+	}
 	EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char *)TPMSEAL_IV);
 
 	while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
@@ -353,6 +357,7 @@ int main(int argc, char **argv)
 	}
 
 	EVP_EncryptFinal(ctx, encData, &encDataLen);
+	EVP_CIPHER_CTX_free(ctx);
 	BIO_write(bdata, encData, encDataLen);
 	if (BIO_flush(bdata) != 1) {
 		logError(_("Unable to flush output\n"));
-- 
2.13.0.rc0.45.ge2cb6ab84


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TrouSerS-tech mailing list
TrouSerS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-tech
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic