summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authormiod <>2014-10-05 18:27:33 +0000
committermiod <>2014-10-05 18:27:33 +0000
commit609efe03272c03a3afd19ef0d2ffc52628952350 (patch)
treeede0e3e999fe2872ab379d9fde37f8a422ca34a1 /src/lib
parent686c3bd4ac259f91100fafc79b50895d3c7336fa (diff)
downloadopenbsd-609efe03272c03a3afd19ef0d2ffc52628952350.tar.gz
openbsd-609efe03272c03a3afd19ef0d2ffc52628952350.tar.bz2
openbsd-609efe03272c03a3afd19ef0d2ffc52628952350.zip
Be sure to check object allocation for success before using them.
Tweaks and ok guenther@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c15
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_cpols.c15
2 files changed, 20 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index 51d02abd22..d683db697e 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: v3_cpols.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: v3_cpols.c,v 1.16 2014/10/05 18:27:33 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -160,7 +160,7 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
160 ia5org = 0; 160 ia5org = 0;
161 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { 161 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
162 cnf = sk_CONF_VALUE_value(vals, i); 162 cnf = sk_CONF_VALUE_value(vals, i);
163 if (cnf->value || !cnf->name ) { 163 if (cnf->value || !cnf->name) {
164 X509V3err(X509V3_F_R2I_CERTPOL, 164 X509V3err(X509V3_F_R2I_CERTPOL,
165 X509V3_R_INVALID_POLICY_IDENTIFIER); 165 X509V3_R_INVALID_POLICY_IDENTIFIER);
166 X509V3_conf_err(cnf); 166 X509V3_conf_err(cnf);
@@ -304,7 +304,11 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
304 for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { 304 for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
305 cnf = sk_CONF_VALUE_value(unot, i); 305 cnf = sk_CONF_VALUE_value(unot, i);
306 if (!strcmp(cnf->name, "explicitText")) { 306 if (!strcmp(cnf->name, "explicitText")) {
307 not->exptext = M_ASN1_VISIBLESTRING_new(); 307 if (not->exptext == NULL) {
308 not->exptext = M_ASN1_VISIBLESTRING_new();
309 if (not->exptext == NULL)
310 goto merr;
311 }
308 if (!ASN1_STRING_set(not->exptext, cnf->value, 312 if (!ASN1_STRING_set(not->exptext, cnf->value,
309 strlen(cnf->value))) 313 strlen(cnf->value)))
310 goto merr; 314 goto merr;
@@ -330,8 +334,9 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
330 if (!(nref = NOTICEREF_new())) 334 if (!(nref = NOTICEREF_new()))
331 goto merr; 335 goto merr;
332 not->noticeref = nref; 336 not->noticeref = nref;
333 } else nref = not->noticeref; 337 } else
334 nos = X509V3_parse_list(cnf->value); 338 nref = not->noticeref;
339 nos = X509V3_parse_list(cnf->value);
335 if (!nos || !sk_CONF_VALUE_num(nos)) { 340 if (!nos || !sk_CONF_VALUE_num(nos)) {
336 X509V3err(X509V3_F_NOTICE_SECTION, 341 X509V3err(X509V3_F_NOTICE_SECTION,
337 X509V3_R_INVALID_NUMBERS); 342 X509V3_R_INVALID_NUMBERS);
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
index 51d02abd22..d683db697e 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: v3_cpols.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: v3_cpols.c,v 1.16 2014/10/05 18:27:33 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -160,7 +160,7 @@ STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
160 ia5org = 0; 160 ia5org = 0;
161 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { 161 for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
162 cnf = sk_CONF_VALUE_value(vals, i); 162 cnf = sk_CONF_VALUE_value(vals, i);
163 if (cnf->value || !cnf->name ) { 163 if (cnf->value || !cnf->name) {
164 X509V3err(X509V3_F_R2I_CERTPOL, 164 X509V3err(X509V3_F_R2I_CERTPOL,
165 X509V3_R_INVALID_POLICY_IDENTIFIER); 165 X509V3_R_INVALID_POLICY_IDENTIFIER);
166 X509V3_conf_err(cnf); 166 X509V3_conf_err(cnf);
@@ -304,7 +304,11 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
304 for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { 304 for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
305 cnf = sk_CONF_VALUE_value(unot, i); 305 cnf = sk_CONF_VALUE_value(unot, i);
306 if (!strcmp(cnf->name, "explicitText")) { 306 if (!strcmp(cnf->name, "explicitText")) {
307 not->exptext = M_ASN1_VISIBLESTRING_new(); 307 if (not->exptext == NULL) {
308 not->exptext = M_ASN1_VISIBLESTRING_new();
309 if (not->exptext == NULL)
310 goto merr;
311 }
308 if (!ASN1_STRING_set(not->exptext, cnf->value, 312 if (!ASN1_STRING_set(not->exptext, cnf->value,
309 strlen(cnf->value))) 313 strlen(cnf->value)))
310 goto merr; 314 goto merr;
@@ -330,8 +334,9 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
330 if (!(nref = NOTICEREF_new())) 334 if (!(nref = NOTICEREF_new()))
331 goto merr; 335 goto merr;
332 not->noticeref = nref; 336 not->noticeref = nref;
333 } else nref = not->noticeref; 337 } else
334 nos = X509V3_parse_list(cnf->value); 338 nref = not->noticeref;
339 nos = X509V3_parse_list(cnf->value);
335 if (!nos || !sk_CONF_VALUE_num(nos)) { 340 if (!nos || !sk_CONF_VALUE_num(nos)) {
336 X509V3err(X509V3_F_NOTICE_SECTION, 341 X509V3err(X509V3_F_NOTICE_SECTION,
337 X509V3_R_INVALID_NUMBERS); 342 X509V3_R_INVALID_NUMBERS);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 11:18:03 +0000