nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 09:08:04 -05:00
Code Issues Projects Releases Wiki Activity

Fix memory leak in stream_handle(), CID 1519397, 1519388, 1519402, 1519403

Browse Source
This commit is contained in:
olszomal 2023-01-18 13:39:18 +01:00 committed by Michał Trojnara
parent 199a852c12
commit fade782e58
2 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
msi.c
View File

@ -866,14 +866,19 @@ static uint32_t stream_read(MSI_FILE *msi, MSI_ENTRY *entry, u_char *p_msi, uint
u_char *p_msiex, uint32_t len_msiex, char **indata, uint32_t inlen, int is_root) u_char *p_msiex, uint32_t len_msiex, char **indata, uint32_t inlen, int is_root)
{ {
if (is_root && !memcmp(entry->name, digital_signature, sizeof digital_signature)) { if (is_root && !memcmp(entry->name, digital_signature, sizeof digital_signature)) {
*indata = (char *)p_msi; /* DigitalSignature */
inlen = len_msi; inlen = len_msi;
*indata = OPENSSL_malloc((size_t)inlen);
memcpy(*indata, p_msi, (size_t)inlen);
} else if (is_root && !memcmp(entry->name, digital_signature_ex, sizeof digital_signature_ex)) { } else if (is_root && !memcmp(entry->name, digital_signature_ex, sizeof digital_signature_ex)) {
*indata = (char *)p_msiex; /* MsiDigitalSignatureEx */
inlen = len_msiex; inlen = len_msiex;
} else { *indata = OPENSSL_malloc((size_t)inlen);
memcpy(*indata, p_msiex, (size_t)inlen);
} else if (inlen != 0) {
*indata = (char *)OPENSSL_malloc(inlen);
if (!msi_file_read(msi, entry, 0, *indata, inlen)) { if (!msi_file_read(msi, entry, 0, *indata, inlen)) {
printf("Failed to read stream data\n"); OPENSSL_free(indata);
return 0; /* FAILED */ return 0; /* FAILED */
} }
} }
@ -901,12 +906,17 @@ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint3
return 0; /* FAILED */ return 0; /* FAILED */
} }
} else { /* DIR_STREAM */ } else { /* DIR_STREAM */
uint32_t inlen = GET_UINT32_LE(child->entry->size);
char *indata = (char *)OPENSSL_malloc(inlen);
char buf[MAX_SECTOR_SIZE]; char buf[MAX_SECTOR_SIZE];
char *indata;
uint32_t inlen = GET_UINT32_LE(child->entry->size);
if (inlen >= MAXREGSECT) {
printf("Corrupted stream length 0x%08X\n", inlen);
return 0; /* FAILED */
}
/* DigitalSignature or MsiDigitalSignatureEx: inlen == 0 */
inlen = stream_read(msi, child->entry, p_msi, len_msi, p_msiex, len_msiex, &indata, inlen, is_root); inlen = stream_read(msi, child->entry, p_msi, len_msi, p_msiex, len_msiex, &indata, inlen, is_root);
if (inlen == 0) { if (inlen == 0) {
printf("Failed to read stream data\n");
continue; continue;
} }
/* set the size of the user-defined data if this is a stream object */ /* set the size of the user-defined data if this is a stream object */

6
osslsigncode.c
View File

@ -4776,10 +4776,7 @@ static int append_signature(PKCS7 *sig, PKCS7 *cursig, file_type_t type,
BIO_write(outdata, p, *padlen); BIO_write(outdata, p, *padlen);
} }
} else if (type == FILE_TYPE_MSI) { } else if (type == FILE_TYPE_MSI) {
int len_msi = *len; if (!msi_file_write(msiparams->msi, msiparams->dirent, p, (uint32_t)*len,
u_char *p_msi = OPENSSL_malloc((size_t)len_msi);
memcpy(p_msi, p, (size_t)len_msi);
if (!msi_file_write(msiparams->msi, msiparams->dirent, p_msi, (uint32_t)len_msi,
msiparams->p_msiex, (uint32_t)msiparams->len_msiex, outdata)) { msiparams->p_msiex, (uint32_t)msiparams->len_msiex, outdata)) {
printf("Saving the msi file failed\n"); printf("Saving the msi file failed\n");
OPENSSL_free(p); OPENSSL_free(p);
@ -5484,6 +5481,7 @@ static void free_msi_params(MSI_PARAMS *msiparams)
{ {
msi_file_free(msiparams->msi); msi_file_free(msiparams->msi);
msi_dirent_free(msiparams->dirent); msi_dirent_free(msiparams->dirent);
OPENSSL_free(msiparams->p_msiex);
} }
static void free_crypto_params(CRYPTO_PARAMS *cparams) static void free_crypto_params(CRYPTO_PARAMS *cparams)