From 1e792cb2f5c29413476f5149fb1e5bd677cfe1ea Mon Sep 17 00:00:00 2001
From: Doug Hogan <hogand@users.noreply.github.com>
Date: Fri, 4 Jan 2019 00:00:28 -0800
Subject: Revamp aes_ctr_stream_encrypt()

* Add error handling for all OpenSSL and Erlang calls.
---
 lib/crypto/c_src/aes.c | 44 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 11 deletions(-)

(limited to 'lib/crypto/c_src')

diff --git a/lib/crypto/c_src/aes.c b/lib/crypto/c_src/aes.c
index 624e9427fb..530b64fea0 100644
--- a/lib/crypto/c_src/aes.c
+++ b/lib/crypto/c_src/aes.c
@@ -229,26 +229,48 @@ ERL_NIF_TERM aes_ctr_stream_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
 
 ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Context, Data) */
-    struct evp_cipher_ctx *ctx, *new_ctx;
+    struct evp_cipher_ctx *ctx = NULL, *new_ctx = NULL;
     ErlNifBinary   data_bin;
     ERL_NIF_TERM   ret, cipher_term;
     unsigned char  *out;
     int            outl = 0;
 
-    if (!enif_get_resource(env, argv[0], evp_cipher_ctx_rtype, (void**)&ctx)
-        || !enif_inspect_iolist_as_binary(env, argv[1], &data_bin)) {
-        return enif_make_badarg(env);
-    }
-    new_ctx = enif_alloc_resource(evp_cipher_ctx_rtype, sizeof(struct evp_cipher_ctx));
-    new_ctx->ctx = EVP_CIPHER_CTX_new();
-    EVP_CIPHER_CTX_copy(new_ctx->ctx, ctx->ctx);
-    out = enif_make_new_binary(env, data_bin.size, &cipher_term);
-    EVP_CipherUpdate(new_ctx->ctx, out, &outl, data_bin.data, data_bin.size);
+    if (argc != 2)
+        goto bad_arg;
+    if (!enif_get_resource(env, argv[0], evp_cipher_ctx_rtype, (void**)&ctx))
+        goto bad_arg;
+    if (!enif_inspect_iolist_as_binary(env, argv[1], &data_bin))
+        goto bad_arg;
+    if (data_bin.size > INT_MAX)
+        goto bad_arg;
+
+    if ((new_ctx = enif_alloc_resource(evp_cipher_ctx_rtype, sizeof(struct evp_cipher_ctx))) == NULL)
+        goto err;
+    if ((new_ctx->ctx = EVP_CIPHER_CTX_new()) == NULL)
+        goto err;
+
+    if (EVP_CIPHER_CTX_copy(new_ctx->ctx, ctx->ctx) != 1)
+        goto err;
+
+    if ((out = enif_make_new_binary(env, data_bin.size, &cipher_term)) == NULL)
+        goto err;
+
+    if (EVP_CipherUpdate(new_ctx->ctx, out, &outl, data_bin.data, (int)data_bin.size) != 1)
+        goto err;
     ASSERT(outl == data_bin.size);
 
     ret = enif_make_tuple2(env, enif_make_resource(env, new_ctx), cipher_term);
-    enif_release_resource(new_ctx);
     CONSUME_REDS(env,data_bin);
+    goto done;
+
+ bad_arg:
+    return enif_make_badarg(env);
+
+ err:
+    ret = enif_make_badarg(env);
+
+ done:
+    enif_release_resource(new_ctx);
     return ret;
 }
 
-- 
cgit v1.2.3