summaryrefslogtreecommitdiff
path: root/lib/libcrypto/x509v3
diff options
context:
space:
mode:
authorMiod Vallat <miod@cvs.openbsd.org>2015-07-15 17:00:36 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2015-07-15 17:00:36 +0000
commit37b5412a920b4129afc31dcba8e54977780b8e54 (patch)
tree3b223ccb153ca7b46496968c0290e0ce0ff366f5 /lib/libcrypto/x509v3
parente57c7e799838a9576ed99327a50a22cdd9629df0 (diff)
Unchecked allocations, and make sure we do not leak upon error. Fixes
Coverity CID 21739 and more. ok bcook@
Diffstat (limited to 'lib/libcrypto/x509v3')
-rw-r--r--lib/libcrypto/x509v3/v3_cpols.c57
1 files changed, 36 insertions, 21 deletions
diff --git a/lib/libcrypto/x509v3/v3_cpols.c b/lib/libcrypto/x509v3/v3_cpols.c
index 65916778aa7..61e6b3ba472 100644
--- a/lib/libcrypto/x509v3/v3_cpols.c
+++ b/lib/libcrypto/x509v3/v3_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_cpols.c,v 1.19 2015/02/14 15:17:52 miod Exp $ */
+/* $OpenBSD: v3_cpols.c,v 1.20 2015/07/15 17:00:35 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -334,35 +334,45 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
int i;
CONF_VALUE *cnf;
POLICYINFO *pol;
- POLICYQUALINFO *qual;
+ POLICYQUALINFO *nqual = NULL;
- if (!(pol = POLICYINFO_new()))
+ if ((pol = POLICYINFO_new()) == NULL)
goto merr;
for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
cnf = sk_CONF_VALUE_value(polstrs, i);
- if (!strcmp(cnf->name, "policyIdentifier")) {
+ if (strcmp(cnf->name, "policyIdentifier") == 0) {
ASN1_OBJECT *pobj;
- if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+
+ if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
X509V3err(X509V3_F_POLICY_SECTION,
X509V3_R_INVALID_OBJECT_IDENTIFIER);
X509V3_conf_err(cnf);
goto err;
}
pol->policyid = pobj;
- } else if (!name_cmp(cnf->name, "CPS")) {
- if (!pol->qualifiers)
- pol->qualifiers = sk_POLICYQUALINFO_new_null();
- if (!(qual = POLICYQUALINFO_new()))
+ } else if (name_cmp(cnf->name, "CPS") == 0) {
+ if ((nqual = POLICYQUALINFO_new()) == NULL)
goto merr;
- if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+ nqual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
+ nqual->d.cpsuri = M_ASN1_IA5STRING_new();
+ if (nqual->d.cpsuri == NULL)
goto merr;
- qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
- qual->d.cpsuri = M_ASN1_IA5STRING_new();
- if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
- strlen(cnf->value)))
+ if (ASN1_STRING_set(nqual->d.cpsuri, cnf->value,
+ strlen(cnf->value)) == 0)
+ goto merr;
+
+ if (pol->qualifiers == NULL) {
+ pol->qualifiers = sk_POLICYQUALINFO_new_null();
+ if (pol->qualifiers == NULL)
+ goto merr;
+ }
+ if (sk_POLICYQUALINFO_push(pol->qualifiers, nqual) == 0)
goto merr;
- } else if (!name_cmp(cnf->name, "userNotice")) {
+ nqual = NULL;
+ } else if (name_cmp(cnf->name, "userNotice") == 0) {
STACK_OF(CONF_VALUE) *unot;
+ POLICYQUALINFO *qual;
+
if (*cnf->value != '@') {
X509V3err(X509V3_F_POLICY_SECTION,
X509V3_R_EXPECTED_A_SECTION_NAME);
@@ -370,7 +380,7 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
goto err;
}
unot = X509V3_get_section(ctx, cnf->value + 1);
- if (!unot) {
+ if (unot == NULL) {
X509V3err(X509V3_F_POLICY_SECTION,
X509V3_R_INVALID_SECTION);
X509V3_conf_err(cnf);
@@ -378,11 +388,15 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
}
qual = notice_section(ctx, unot, ia5org);
X509V3_section_free(ctx, unot);
- if (!qual)
+ if (qual == NULL)
goto err;
- if (!pol->qualifiers) pol->qualifiers =
- sk_POLICYQUALINFO_new_null();
- if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+
+ if (pol->qualifiers == NULL) {
+ pol->qualifiers = sk_POLICYQUALINFO_new_null();
+ if (pol->qualifiers == NULL)
+ goto merr;
+ }
+ if (sk_POLICYQUALINFO_push(pol->qualifiers, qual) == 0)
goto merr;
} else {
X509V3err(X509V3_F_POLICY_SECTION,
@@ -391,7 +405,7 @@ policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org)
goto err;
}
}
- if (!pol->policyid) {
+ if (pol->policyid == NULL) {
X509V3err(X509V3_F_POLICY_SECTION,
X509V3_R_NO_POLICY_IDENTIFIER);
goto err;
@@ -403,6 +417,7 @@ merr:
X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
err:
+ POLICYQUALINFO_free(nqual);
POLICYINFO_free(pol);
return NULL;
}