Remove NULL check before free in openssl(1) ca

ok tb@
author: inoguchi <> 2021-08-30 12:12:11 +0000
committer: inoguchi <> 2021-08-30 12:12:11 +0000
commit: 87fca0bfe6ce9ec1cbd4180c6de9af4be3820717 (patch)
tree: 73e52556c40ef793ffbfde6f6fb7b6ec148eddff
parent: b065d46fe0a0fbd0ab234a272db04cbcc1e40b4f (diff)
download: openbsd-87fca0bfe6ce9ec1cbd4180c6de9af4be3820717.tar.gz
openbsd-87fca0bfe6ce9ec1cbd4180c6de9af4be3820717.tar.bz2
openbsd-87fca0bfe6ce9ec1cbd4180c6de9af4be3820717.zip
1 files changed, 25 insertions, 41 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index 39e761633f..b3c2b31663 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.41 2021/08/28 05:30:09 inoguchi Exp $ */
+/* $OpenBSD: ca.c,v 1.42 2021/08/30 12:12:11 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1512,10 +1512,9 @@ ca_main(int argc, char **argv)
                        if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
                                goto err;
-                if (crlnumber != NULL) {
+                BN_free(crlnumber);
-                        BN_free(crlnumber);
+                crlnumber = NULL;
-                        crlnumber = NULL;
-                }
                if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst,
                    ca_config.sigopts))
                        goto err;
@@ -1565,21 +1564,18 @@ ca_main(int argc, char **argv)
        BIO_free_all(out);
        BIO_free_all(in);
-        if (cert_sk)
+        sk_X509_pop_free(cert_sk, X509_free);
-                sk_X509_pop_free(cert_sk, X509_free);
        if (ret)
                ERR_print_errors(bio_err);
-        if (free_key && ca_config.key)
+        if (free_key)
                free(ca_config.key);
        BN_free(serial);
        BN_free(crlnumber);
        free_index(db);
-        if (ca_config.sigopts)
+        sk_OPENSSL_STRING_free(ca_config.sigopts);
-                sk_OPENSSL_STRING_free(ca_config.sigopts);
        EVP_PKEY_free(pkey);
-        if (x509)
+        X509_free(x509);
-                X509_free(x509);
        X509_CRL_free(crl);
        X509_REVOKED_free(r);
        ASN1_TIME_free(tmptm);
@@ -1659,10 +1655,9 @@ certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
            ext_copy, selfsign);
 err:
-        if (req != NULL)
+        X509_REQ_free(req);
-                X509_REQ_free(req);
+        BIO_free(in);
-        if (in != NULL)
-                BIO_free(in);
        return (ok);
 }
@@ -1718,10 +1713,9 @@ certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
            ext_copy, 0);
 err:
-        if (rreq != NULL)
+        X509_REQ_free(rreq);
-                X509_REQ_free(rreq);
+        X509_free(req);
-        if (req != NULL)
-                X509_free(req);
        return (ok);
 }
@@ -1940,8 +1934,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                        if (push != NULL) {
                                if (!X509_NAME_add_entry(subject, push,
                                    -1, 0)) {
-                                        if (push != NULL)
+                                        X509_NAME_ENTRY_free(push);
-                                                X509_NAME_ENTRY_free(push);
                                        BIO_printf(bio_err,
                                            "Memory allocation failure\n");
                                        goto err;
@@ -2129,10 +2122,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                 * Free the current entries if any, there should not be any I
                 * believe
                 */
-                if (ci->extensions != NULL)
+                sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
-                        sk_X509_EXTENSION_pop_free(ci->extensions,
-                            X509_EXTENSION_free);
                ci->extensions = NULL;
                /* Initialize the context structure */
@@ -2290,20 +2280,17 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        for (i = 0; i < DB_NUMBER; i++)
                free(row[i]);
-        if (CAname != NULL)
+        X509_NAME_free(CAname);
-                X509_NAME_free(CAname);
+        X509_NAME_free(subject);
-        if (subject != NULL)
+        if (!email_dn)
-                X509_NAME_free(subject);
-        if ((dn_subject != NULL) && !email_dn)
                X509_NAME_free(dn_subject);
-        if (tmptm != NULL)
+        ASN1_UTCTIME_free(tmptm);
-                ASN1_UTCTIME_free(tmptm);
        if (ok <= 0) {
-                if (ret != NULL)
+                X509_free(ret);
-                        X509_free(ret);
                ret = NULL;
        } else
                *xret = ret;
        return (ok);
 }
@@ -2451,12 +2438,9 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
            ext_copy, 0);
 err:
-        if (req != NULL)
+        X509_REQ_free(req);
-                X509_REQ_free(req);
+        CONF_free(parms);
-        if (parms != NULL)
+        NETSCAPE_SPKI_free(spki);
-                CONF_free(parms);
-        if (spki != NULL)
-                NETSCAPE_SPKI_free(spki);
        return (ok);
 }
author	inoguchi <>	2021-08-30 12:12:11 +0000
committer	inoguchi <>	2021-08-30 12:12:11 +0000
commit	87fca0bfe6ce9ec1cbd4180c6de9af4be3820717 (patch)
tree	73e52556c40ef793ffbfde6f6fb7b6ec148eddff
parent	b065d46fe0a0fbd0ab234a272db04cbcc1e40b4f (diff)
download	openbsd-87fca0bfe6ce9ec1cbd4180c6de9af4be3820717.tar.gz openbsd-87fca0bfe6ce9ec1cbd4180c6de9af4be3820717.tar.bz2 openbsd-87fca0bfe6ce9ec1cbd4180c6de9af4be3820717.zip

diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c index 39e761633f..b3c2b31663 100644 --- a/src/usr.bin/openssl/ca.c +++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ca.c,v 1.41 2021/08/28 05:30:09 inoguchi Exp $ */	1	/* $OpenBSD: ca.c,v 1.42 2021/08/30 12:12:11 inoguchi Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1512,10 +1512,9 @@ ca_main(int argc, char **argv)
1512	if (!save_serial(crlnumberfile, "new", crlnumber, NULL))	1512	if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
1513	goto err;	1513	goto err;
1514		1514
1515	if (crlnumber != NULL) {	1515	BN_free(crlnumber);
1516	BN_free(crlnumber);	1516	crlnumber = NULL;
1517	crlnumber = NULL;	1517
1518	}
1519	if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst,	1518	if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst,
1520	ca_config.sigopts))	1519	ca_config.sigopts))
1521	goto err;	1520	goto err;
@@ -1565,21 +1564,18 @@ ca_main(int argc, char **argv)
1565	BIO_free_all(out);	1564	BIO_free_all(out);
1566	BIO_free_all(in);	1565	BIO_free_all(in);
1567		1566
1568	if (cert_sk)	1567	sk_X509_pop_free(cert_sk, X509_free);
1569	sk_X509_pop_free(cert_sk, X509_free);
1570		1568
1571	if (ret)	1569	if (ret)
1572	ERR_print_errors(bio_err);	1570	ERR_print_errors(bio_err);
1573	if (free_key && ca_config.key)	1571	if (free_key)
1574	free(ca_config.key);	1572	free(ca_config.key);
1575	BN_free(serial);	1573	BN_free(serial);
1576	BN_free(crlnumber);	1574	BN_free(crlnumber);
1577	free_index(db);	1575	free_index(db);
1578	if (ca_config.sigopts)	1576	sk_OPENSSL_STRING_free(ca_config.sigopts);
1579	sk_OPENSSL_STRING_free(ca_config.sigopts);
1580	EVP_PKEY_free(pkey);	1577	EVP_PKEY_free(pkey);
1581	if (x509)	1578	X509_free(x509);
1582	X509_free(x509);
1583	X509_CRL_free(crl);	1579	X509_CRL_free(crl);
1584	X509_REVOKED_free(r);	1580	X509_REVOKED_free(r);
1585	ASN1_TIME_free(tmptm);	1581	ASN1_TIME_free(tmptm);
@@ -1659,10 +1655,9 @@ certify(X509 *xret, char infile, EVP_PKEY pkey, X509 x509,
1659	ext_copy, selfsign);	1655	ext_copy, selfsign);
1660		1656
1661	err:	1657	err:
1662	if (req != NULL)	1658	X509_REQ_free(req);
1663	X509_REQ_free(req);	1659	BIO_free(in);
1664	if (in != NULL)	1660
1665	BIO_free(in);
1666	return (ok);	1661	return (ok);
1667	}	1662	}
1668		1663
@@ -1718,10 +1713,9 @@ certify_cert(X509 *xret, char infile, EVP_PKEY pkey, X509 x509,
1718	ext_copy, 0);	1713	ext_copy, 0);
1719		1714
1720	err:	1715	err:
1721	if (rreq != NULL)	1716	X509_REQ_free(rreq);
1722	X509_REQ_free(rreq);	1717	X509_free(req);
1723	if (req != NULL)	1718
1724	X509_free(req);
1725	return (ok);	1719	return (ok);
1726	}	1720	}
1727		1721
@@ -1940,8 +1934,7 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
1940	if (push != NULL) {	1934	if (push != NULL) {
1941	if (!X509_NAME_add_entry(subject, push,	1935	if (!X509_NAME_add_entry(subject, push,
1942	-1, 0)) {	1936	-1, 0)) {
1943	if (push != NULL)	1937	X509_NAME_ENTRY_free(push);
1944	X509_NAME_ENTRY_free(push);
1945	BIO_printf(bio_err,	1938	BIO_printf(bio_err,
1946	"Memory allocation failure\n");	1939	"Memory allocation failure\n");
1947	goto err;	1940	goto err;
@@ -2129,10 +2122,7 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
2129	* Free the current entries if any, there should not be any I	2122	* Free the current entries if any, there should not be any I
2130	* believe	2123	* believe
2131	*/	2124	*/
2132	if (ci->extensions != NULL)	2125	sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
2133	sk_X509_EXTENSION_pop_free(ci->extensions,
2134	X509_EXTENSION_free);
2135
2136	ci->extensions = NULL;	2126	ci->extensions = NULL;
2137		2127
2138	/* Initialize the context structure */	2128	/* Initialize the context structure */
@@ -2290,20 +2280,17 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
2290	for (i = 0; i < DB_NUMBER; i++)	2280	for (i = 0; i < DB_NUMBER; i++)
2291	free(row[i]);	2281	free(row[i]);
2292		2282
2293	if (CAname != NULL)	2283	X509_NAME_free(CAname);
2294	X509_NAME_free(CAname);	2284	X509_NAME_free(subject);
2295	if (subject != NULL)	2285	if (!email_dn)
2296	X509_NAME_free(subject);
2297	if ((dn_subject != NULL) && !email_dn)
2298	X509_NAME_free(dn_subject);	2286	X509_NAME_free(dn_subject);
2299	if (tmptm != NULL)	2287	ASN1_UTCTIME_free(tmptm);
2300	ASN1_UTCTIME_free(tmptm);
2301	if (ok <= 0) {	2288	if (ok <= 0) {
2302	if (ret != NULL)	2289	X509_free(ret);
2303	X509_free(ret);
2304	ret = NULL;	2290	ret = NULL;
2305	} else	2291	} else
2306	*xret = ret;	2292	*xret = ret;
		2293
2307	return (ok);	2294	return (ok);
2308	}	2295	}
2309		2296
@@ -2451,12 +2438,9 @@ certify_spkac(X509 *xret, char infile, EVP_PKEY pkey, X509 x509,
2451	ext_copy, 0);	2438	ext_copy, 0);
2452		2439
2453	err:	2440	err:
2454	if (req != NULL)	2441	X509_REQ_free(req);
2455	X509_REQ_free(req);	2442	CONF_free(parms);
2456	if (parms != NULL)	2443	NETSCAPE_SPKI_free(spki);
2457	CONF_free(parms);
2458	if (spki != NULL)
2459	NETSCAPE_SPKI_free(spki);
2460		2444
2461	return (ok);	2445	return (ok);
2462	}	2446	}