[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Tue Oct 10 18:01:42 UTC 2017 

The branch master has been updated
       via  32f3b98d1302d4c0950dc1bf94b50269b6edbd95 (commit)
      from  65e6b9a42364d7dd1108d952ff1c58f3b911ddc0 (commit)


- Log -----------------------------------------------------------------
commit 32f3b98d1302d4c0950dc1bf94b50269b6edbd95
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Oct 8 20:10:13 2017 +0200

    crypto/x509v3/v3_utl.c, ssl/ssl_cert.c: fix Coverity problems.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4492)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509v3/v3_utl.c | 5 ++++-
 ssl/ssl_cert.c         | 8 +++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 8bba5a6..a839861 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -38,6 +38,7 @@ int X509V3_add_value(const char *name, const char *value,
 {
     CONF_VALUE *vtmp = NULL;
     char *tname = NULL, *tvalue = NULL;
+    int sk_allocated = (*extlist == NULL);
 
     if (name && (tname = OPENSSL_strdup(name)) == NULL)
         goto err;
@@ -45,7 +46,7 @@ int X509V3_add_value(const char *name, const char *value,
         goto err;
     if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
         goto err;
-    if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
+    if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
         goto err;
     vtmp->section = NULL;
     vtmp->name = tname;
@@ -55,6 +56,8 @@ int X509V3_add_value(const char *name, const char *value,
     return 1;
  err:
     X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
+    if (sk_allocated)
+        sk_CONF_VALUE_free(*extlist);
     OPENSSL_free(vtmp);
     OPENSSL_free(tname);
     OPENSSL_free(tvalue);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 008b58f..9a1d936 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -468,18 +468,20 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
         SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    if (!sk_X509_NAME_reserve(ret, num))
+    if (!sk_X509_NAME_reserve(ret, num)) {
+        sk_X509_NAME_free(ret);
         return NULL;
+    }
     for (i = 0; i < num; i++) {
         name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
         if (name == NULL) {
+            SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
             sk_X509_NAME_pop_free(ret, X509_NAME_free);
-            X509_NAME_free(name);
             return NULL;
         }
         sk_X509_NAME_push(ret, name);   /* Cannot fail after reserve call */
     }
-    return (ret);
+    return ret;
 }
 
 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)

More information about the openssl-commits mailing list