diff options
author | Miod Vallat <miod@cvs.openbsd.org> | 2015-07-15 17:00:36 +0000 |
---|---|---|
committer | Miod Vallat <miod@cvs.openbsd.org> | 2015-07-15 17:00:36 +0000 |
commit | 37b5412a920b4129afc31dcba8e54977780b8e54 (patch) | |
tree | 3b223ccb153ca7b46496968c0290e0ce0ff366f5 /lib/libcrypto/x509v3 | |
parent | e57c7e799838a9576ed99327a50a22cdd9629df0 (diff) |
Unchecked allocations, and make sure we do not leak upon error. Fixes
Coverity CID 21739 and more.
ok bcook@
Diffstat (limited to 'lib/libcrypto/x509v3')
-rw-r--r-- | lib/libcrypto/x509v3/v3_cpols.c | 57 |
1 files changed, 36 insertions, 21 deletions
diff --git a/lib/libcrypto/x509v3/v3_cpols.c b/lib/libcrypto/x509v3/v3_cpols.c index 65916778aa7..61e6b3ba472 100644 --- a/lib/libcrypto/x509v3/v3_cpols.c +++ b/lib/libcrypto/x509v3/v3_cpols.c @@ -1,4 +1,4 @@ -/* $OpenBSD: v3_cpols.c,v 1.19 2015/02/14 15:17:52 miod Exp $ */ +/* $OpenBSD: v3_cpols.c,v 1.20 2015/07/15 17:00:35 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -334,35 +334,45 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) int i; CONF_VALUE *cnf; POLICYINFO *pol; - POLICYQUALINFO *qual; + POLICYQUALINFO *nqual = NULL; - if (!(pol = POLICYINFO_new())) + if ((pol = POLICYINFO_new()) == NULL) goto merr; for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { cnf = sk_CONF_VALUE_value(polstrs, i); - if (!strcmp(cnf->name, "policyIdentifier")) { + if (strcmp(cnf->name, "policyIdentifier") == 0) { ASN1_OBJECT *pobj; - if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { + + if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pol->policyid = pobj; - } else if (!name_cmp(cnf->name, "CPS")) { - if (!pol->qualifiers) - pol->qualifiers = sk_POLICYQUALINFO_new_null(); - if (!(qual = POLICYQUALINFO_new())) + } else if (name_cmp(cnf->name, "CPS") == 0) { + if ((nqual = POLICYQUALINFO_new()) == NULL) goto merr; - if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + nqual->pqualid = OBJ_nid2obj(NID_id_qt_cps); + nqual->d.cpsuri = M_ASN1_IA5STRING_new(); + if (nqual->d.cpsuri == NULL) goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); - qual->d.cpsuri = M_ASN1_IA5STRING_new(); - if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) + if (ASN1_STRING_set(nqual->d.cpsuri, cnf->value, + strlen(cnf->value)) == 0) + goto merr; + + if (pol->qualifiers == NULL) { + pol->qualifiers = sk_POLICYQUALINFO_new_null(); + if (pol->qualifiers == NULL) + goto merr; + } + if (sk_POLICYQUALINFO_push(pol->qualifiers, nqual) == 0) goto merr; - } else if (!name_cmp(cnf->name, "userNotice")) { + nqual = NULL; + } else if (name_cmp(cnf->name, "userNotice") == 0) { STACK_OF(CONF_VALUE) *unot; + POLICYQUALINFO *qual; + if (*cnf->value != '@') { X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_EXPECTED_A_SECTION_NAME); @@ -370,7 +380,7 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) goto err; } unot = X509V3_get_section(ctx, cnf->value + 1); - if (!unot) { + if (unot == NULL) { X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); @@ -378,11 +388,15 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) } qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); - if (!qual) + if (qual == NULL) goto err; - if (!pol->qualifiers) pol->qualifiers = - sk_POLICYQUALINFO_new_null(); - if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + + if (pol->qualifiers == NULL) { + pol->qualifiers = sk_POLICYQUALINFO_new_null(); + if (pol->qualifiers == NULL) + goto merr; + } + if (sk_POLICYQUALINFO_push(pol->qualifiers, qual) == 0) goto merr; } else { X509V3err(X509V3_F_POLICY_SECTION, @@ -391,7 +405,7 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) goto err; } } - if (!pol->policyid) { + if (pol->policyid == NULL) { X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER); goto err; @@ -403,6 +417,7 @@ merr: X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE); err: + POLICYQUALINFO_free(nqual); POLICYINFO_free(pol); return NULL; } |