[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Thu Feb 15 15:32:46 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via ed1306451f702aae629ccc39d826a96836b3b069 (commit)
via eadc6bbb9c472589020a25a94d306610a1d76af5 (commit)
from 144724c75584054329a9d6bb7711cec527fbf523 (commit)
- Log -----------------------------------------------------------------
commit ed1306451f702aae629ccc39d826a96836b3b069
Author: Matt Caswell <matt at openssl.org>
Date: Mon Feb 12 17:47:50 2018 +0000
Check the return code from ASN1_TIME_diff()
The function can fail so we should check the return code.
Found by Coverity
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5339)
(cherry picked from commit 0d502c3511ab3b1c8acb129fb3af836727b8092d)
commit eadc6bbb9c472589020a25a94d306610a1d76af5
Author: Matt Caswell <matt at openssl.org>
Date: Mon Feb 12 17:43:38 2018 +0000
The function X509_gmtime_adj() can fail
Check for a failure and free a_tm as appropriate.
Found by Coverity
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5339)
(cherry picked from commit bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 633f6e3..26ca6bb 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1095,13 +1095,13 @@ end_of_options:
goto end;
tmptm = ASN1_TIME_new();
- if (tmptm == NULL)
- goto end;
- X509_gmtime_adj(tmptm, 0);
- X509_CRL_set1_lastUpdate(crl, tmptm);
- if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
- NULL)) {
+ if (tmptm == NULL
+ || X509_gmtime_adj(tmptm, 0) == NULL
+ || !X509_CRL_set1_lastUpdate(crl, tmptm)
+ || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+ NULL) == NULL) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+ ASN1_TIME_free(tmptm);
goto end;
}
X509_CRL_set1_nextUpdate(crl, tmptm);
@@ -1711,7 +1711,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (enddate != NULL) {
int tdays;
- ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
+
+ if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+ goto end;
days = tdays;
}
@@ -2215,7 +2217,10 @@ static int do_updatedb(CA_DB *db)
return -1;
/* get actual time and make a string */
- a_tm = X509_gmtime_adj(a_tm, 0);
+ if (X509_gmtime_adj(a_tm, 0) == NULL) {
+ ASN1_UTCTIME_free(a_tm);
+ return -1;
+ }
a_tm_s = app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length);
More information about the openssl-commits
mailing list