[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu Feb 15 15:32:34 UTC 2018


The branch master has been updated
       via  0d502c3511ab3b1c8acb129fb3af836727b8092d (commit)
       via  bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571 (commit)
      from  c471521243c729d344c2ab641feed7cfb7b8a36d (commit)


- Log -----------------------------------------------------------------
commit 0d502c3511ab3b1c8acb129fb3af836727b8092d
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Feb 12 17:47:50 2018 +0000

    Check the return code from ASN1_TIME_diff()
    
    The function can fail so we should check the return code.
    
    Found by Coverity
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/5339)

commit bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Feb 12 17:43:38 2018 +0000

    The function X509_gmtime_adj() can fail
    
    Check for a failure and free a_tm as appropriate.
    
    Found by Coverity
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/5339)

-----------------------------------------------------------------------

Summary of changes:
 apps/ca.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 0c16050..26c0778 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1095,13 +1095,13 @@ end_of_options:
             goto end;
 
         tmptm = ASN1_TIME_new();
-        if (tmptm == NULL)
-            goto end;
-        X509_gmtime_adj(tmptm, 0);
-        X509_CRL_set1_lastUpdate(crl, tmptm);
-        if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
-                              NULL)) {
+        if (tmptm == NULL
+                || X509_gmtime_adj(tmptm, 0) == NULL
+                || !X509_CRL_set1_lastUpdate(crl, tmptm)
+                || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+                                    NULL) == NULL) {
             BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+            ASN1_TIME_free(tmptm);
             goto end;
         }
         X509_CRL_set1_nextUpdate(crl, tmptm);
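Review bot: the trailing `X509_CRL_set1_nextUpdate(crl, tmptm);` call still ignores its return value, although this hunk starts checking the matching `X509_CRL_set1_lastUpdate()` call. Either fold it into the same condition or give it its own check, so that a CRL with no nextUpdate field is never carried on to signing. The single message "error setting CRL nextUpdate" is now also printed when `ASN1_TIME_new()` fails or when setting lastUpdate fails, which will mislead whoever reads the log. A more general wording, or separate messages for each failure, would help.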
@@ -1706,7 +1706,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
     if (enddate != NULL) {
         int tdays;
-        ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
         days = tdays;
     }
 
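Review bot: the new `goto end` in the `enddate != NULL` branch depends on the function's status variable already holding a failure value when it is reached, and nothing in these lines shows that it does. Please confirm that `do_body()` reports an error to its caller on this path and does not return a certificate whose `days` was never set. The branch also fails silently. A short `BIO_puts(bio_err, ...)` before the jump, as the CRL path does, would tell the operator that the notAfter value could not be processed.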
@@ -2209,7 +2211,10 @@ static int do_updatedb(CA_DB *db)
         return -1;
 
     /* get actual time and make a string */
-    a_tm = X509_gmtime_adj(a_tm, 0);
+    if (X509_gmtime_adj(a_tm, 0) == NULL) {
+        ASN1_UTCTIME_free(a_tm);
+        return -1;
+    }
     a_tm_s = app_malloc(a_tm->length + 1, "time string");
 
     memcpy(a_tm_s, a_tm->data, a_tm->length);
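Review bot: the new failure branch after `X509_gmtime_adj(a_tm, 0) == NULL` returns -1 without writing anything to `bio_err`, so the caller cannot tell it apart from the earlier `return -1` in the context above. Consider printing a short diagnostic before `ASN1_UTCTIME_free(a_tm)`. Dropping the `a_tm =` assignment is the right fix, because the old form overwrote the only pointer to the allocation before `a_tm->length` was read. A brief comment noting that the function returns its argument on success would stop someone from restoring the assignment later.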

