From 32f3b98d1302d4c0950dc1bf94b50269b6edbd95 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 8 Oct 2017 20:10:13 +0200 Subject: [PATCH] crypto/x509v3/v3_utl.c, ssl/ssl_cert.c: fix Coverity problems. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4492) --- crypto/x509v3/v3_utl.c | 5 ++++- ssl/ssl_cert.c | 8 +++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 8bba5a67d2..a839861dba 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -38,6 +38,7 @@ int X509V3_add_value(const char *name, const char *value, { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; + int sk_allocated = (*extlist == NULL); if (name && (tname = OPENSSL_strdup(name)) == NULL) goto err; @@ -45,7 +46,7 @@ int X509V3_add_value(const char *name, const char *value, goto err; if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) goto err; - if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL) + if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) goto err; vtmp->section = NULL; vtmp->name = tname; @@ -55,6 +56,8 @@ int X509V3_add_value(const char *name, const char *value, return 1; err: X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); + if (sk_allocated) + sk_CONF_VALUE_free(*extlist); OPENSSL_free(vtmp); OPENSSL_free(tname); OPENSSL_free(tvalue); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 008b58f4bd..9a1d936bb4 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -468,18 +468,20 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk) SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE); return NULL; } - if (!sk_X509_NAME_reserve(ret, num)) + if (!sk_X509_NAME_reserve(ret, num)) { + sk_X509_NAME_free(ret); return NULL; + } for (i = 0; i < num; i++) { name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); if (name == NULL) { + SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE); sk_X509_NAME_pop_free(ret, X509_NAME_free); - X509_NAME_free(name); return NULL; } sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */ } - return (ret); + return ret; } void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) -- GitLab