[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Thu Feb 15 15:32:46 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  ed1306451f702aae629ccc39d826a96836b3b069 (commit)
       via  eadc6bbb9c472589020a25a94d306610a1d76af5 (commit)
      from  144724c75584054329a9d6bb7711cec527fbf523 (commit)


- Log -----------------------------------------------------------------
commit ed1306451f702aae629ccc39d826a96836b3b069
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Feb 12 17:47:50 2018 +0000

    Check the return code from ASN1_TIME_diff()
    
    The function can fail so we should check the return code.
    
    Found by Coverity
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/5339)
    
    (cherry picked from commit 0d502c3511ab3b1c8acb129fb3af836727b8092d)

commit eadc6bbb9c472589020a25a94d306610a1d76af5
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Feb 12 17:43:38 2018 +0000

    The function X509_gmtime_adj() can fail
    
    Check for a failure and free a_tm as appropriate.
    
    Found by Coverity
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/5339)
    
    (cherry picked from commit bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571)

-----------------------------------------------------------------------

Summary of changes:
 apps/ca.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 633f6e3..26ca6bb 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1095,13 +1095,13 @@ end_of_options:
             goto end;
 
         tmptm = ASN1_TIME_new();
-        if (tmptm == NULL)
-            goto end;
-        X509_gmtime_adj(tmptm, 0);
-        X509_CRL_set1_lastUpdate(crl, tmptm);
-        if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
-                              NULL)) {
+        if (tmptm == NULL
+                || X509_gmtime_adj(tmptm, 0) == NULL
+                || !X509_CRL_set1_lastUpdate(crl, tmptm)
+                || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+                                    NULL) == NULL) {
             BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+            ASN1_TIME_free(tmptm);
             goto end;
         }
         X509_CRL_set1_nextUpdate(crl, tmptm);
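Review bot: the X509_CRL_set1_nextUpdate(crl, tmptm) call on the context line right after the new error block still ignores its return value, although this hunk starts checking X509_CRL_set1_lastUpdate() on the same object. Test it as well, either in the same condition or in its own check, so a failure there does not go unnoticed. The single message "error setting CRL nextUpdate" is now also printed when ASN1_TIME_new(), X509_gmtime_adj() or the lastUpdate call fails; a more general wording would keep the diagnostic accurate.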
@@ -1711,7 +1711,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
     if (enddate != NULL) {
         int tdays;
-        ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
         days = tdays;
     }
 
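Review bot: the new `goto end` taken when ASN1_TIME_diff() fails prints nothing, so the operator gets a failed run with no indication that the end date could not be processed. Add a short message to bio_err before the jump, in the style of the BIO_puts() call in the CRL hunk of this patch, and confirm that the path through `end` reports an error to the caller.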
@@ -2215,7 +2217,10 @@ static int do_updatedb(CA_DB *db)
         return -1;
 
     /* get actual time and make a string */
-    a_tm = X509_gmtime_adj(a_tm, 0);
+    if (X509_gmtime_adj(a_tm, 0) == NULL) {
+        ASN1_UTCTIME_free(a_tm);
+        return -1;
+    }
     a_tm_s = app_malloc(a_tm->length + 1, "time string");
 
     memcpy(a_tm_s, a_tm->data, a_tm->length);
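Review bot: the `return -1` in the new X509_gmtime_adj() failure branch is indistinguishable from the `return -1` a few lines above it and is equally silent. A one-line message to bio_err before the return would tell the user that fetching the current time failed rather than leaving an unexplained error from the database update.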

