Rewrite X509v3_add_ext()

This is another brilliancy straight out of muppet labs. Overeager and misguided sprinkling of NULL checks, going through the trademark poor code review, made this have semantics not matching what almost every other function with this signature would be doing in OpenSSL land. This is a long standing mistake we can't fix without introducing portability traps, but at least annotate it. Simplify the elaborate dance steps and make this resemble actual code. ok jsing
author: tb <> 2024-07-12 08:58:59 +0000
committer: tb <> 2024-07-12 08:58:59 +0000
commit: 169d571ee404430f51bf229b3f90aed37a7e8289 (patch)
tree: c721ff385f75066020335739b6a598ea17de63b6 /src
parent: a2c60e8511e787112fbdd3538d024eaea0443f83 (diff)
download: openbsd-169d571ee404430f51bf229b3f90aed37a7e8289.tar.gz
openbsd-169d571ee404430f51bf229b3f90aed37a7e8289.tar.bz2
openbsd-169d571ee404430f51bf229b3f90aed37a7e8289.zip
1 files changed, 23 insertions, 24 deletions
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index cca74e734a..b0a30db2e8 100644
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_v3.c,v 1.33 2024/07/12 08:46:45 tb Exp $ */
+/* $OpenBSD: x509_v3.c,v 1.34 2024/07/12 08:58:59 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -145,42 +145,41 @@ LCRYPTO_ALIAS(X509v3_delete_ext);
 STACK_OF(X509_EXTENSION) *
 X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ext, int loc)
 {
-        X509_EXTENSION *new_ext = NULL;
-        int n;
        STACK_OF(X509_EXTENSION) *sk = NULL;
+        X509_EXTENSION *new_ext = NULL;
+        /*
+         * XXX - Nonsense from the poorly reviewed OpenSSL c755c5fd8ba (2005).
+         * This check should have been joined with the next check, i.e., if no
+         * stack was passed in, a new one should be created and returned.
+         */
        if (x == NULL) {
                X509error(ERR_R_PASSED_NULL_PARAMETER);
-                goto err2;
+                goto err;
        }
-        if (*x == NULL) {
+        if ((sk = *x) == NULL)
-                if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
+                sk = sk_X509_EXTENSION_new_null();
-                        goto err;
+        if (sk == NULL) {
-        } else
+                X509error(ERR_R_MALLOC_FAILURE);
-                sk= *x;
+                goto err;
+        }
-        n = sk_X509_EXTENSION_num(sk);
-        if (loc > n)
-                loc = n;
-        else if (loc < 0)
-                loc = n;
        if ((new_ext = X509_EXTENSION_dup(ext)) == NULL)
-                goto err2;
+                goto err;
        if (!sk_X509_EXTENSION_insert(sk, new_ext, loc))
                goto err;
-        if (*x == NULL)
+        new_ext = NULL;
-                *x = sk;
+        *x = sk;
        return sk;
 err:
-        X509error(ERR_R_MALLOC_FAILURE);
+        X509_EXTENSION_free(new_ext);
- err2:
+        if (x != NULL && sk != *x)
-        if (new_ext != NULL)
+                sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
-                X509_EXTENSION_free(new_ext);
-        if (sk != NULL && x != NULL && sk != *x)
-                sk_X509_EXTENSION_free(sk);
        return NULL;
 }
 LCRYPTO_ALIAS(X509v3_add_ext);
author	tb <>	2024-07-12 08:58:59 +0000
committer	tb <>	2024-07-12 08:58:59 +0000
commit	169d571ee404430f51bf229b3f90aed37a7e8289 (patch)
tree	c721ff385f75066020335739b6a598ea17de63b6 /src
parent	a2c60e8511e787112fbdd3538d024eaea0443f83 (diff)
download	openbsd-169d571ee404430f51bf229b3f90aed37a7e8289.tar.gz openbsd-169d571ee404430f51bf229b3f90aed37a7e8289.tar.bz2 openbsd-169d571ee404430f51bf229b3f90aed37a7e8289.zip

diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c index cca74e734a..b0a30db2e8 100644 --- a/src/lib/libcrypto/x509/x509_v3.c +++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_v3.c,v 1.33 2024/07/12 08:46:45 tb Exp $ */	1	/* $OpenBSD: x509_v3.c,v 1.34 2024/07/12 08:58:59 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -145,42 +145,41 @@ LCRYPTO_ALIAS(X509v3_delete_ext);
145	STACK_OF(X509_EXTENSION) *	145	STACK_OF(X509_EXTENSION) *
146	X509v3_add_ext(STACK_OF(X509_EXTENSION) *x, X509_EXTENSION ext, int loc)	146	X509v3_add_ext(STACK_OF(X509_EXTENSION) *x, X509_EXTENSION ext, int loc)
147	{	147	{
148	X509_EXTENSION *new_ext = NULL;
149	int n;
150	STACK_OF(X509_EXTENSION) *sk = NULL;	148	STACK_OF(X509_EXTENSION) *sk = NULL;
		149	X509_EXTENSION *new_ext = NULL;
151		150
		151	/*
		152	* XXX - Nonsense from the poorly reviewed OpenSSL c755c5fd8ba (2005).
		153	* This check should have been joined with the next check, i.e., if no
		154	* stack was passed in, a new one should be created and returned.
		155	*/
152	if (x == NULL) {	156	if (x == NULL) {
153	X509error(ERR_R_PASSED_NULL_PARAMETER);	157	X509error(ERR_R_PASSED_NULL_PARAMETER);
154	goto err2;	158	goto err;
155	}	159	}
156		160
157	if (*x == NULL) {	161	if ((sk = *x) == NULL)
158	if ((sk = sk_X509_EXTENSION_new_null()) == NULL)	162	sk = sk_X509_EXTENSION_new_null();
159	goto err;	163	if (sk == NULL) {
160	} else	164	X509error(ERR_R_MALLOC_FAILURE);
161	sk= *x;	165	goto err;
162		166	}
163	n = sk_X509_EXTENSION_num(sk);
164	if (loc > n)
165	loc = n;
166	else if (loc < 0)
167	loc = n;
168		167
169	if ((new_ext = X509_EXTENSION_dup(ext)) == NULL)	168	if ((new_ext = X509_EXTENSION_dup(ext)) == NULL)
170	goto err2;	169	goto err;
171	if (!sk_X509_EXTENSION_insert(sk, new_ext, loc))	170	if (!sk_X509_EXTENSION_insert(sk, new_ext, loc))
172	goto err;	171	goto err;
173	if (*x == NULL)	172	new_ext = NULL;
174	*x = sk;	173
		174	*x = sk;
		175
175	return sk;	176	return sk;
176		177
177	err:	178	err:
178	X509error(ERR_R_MALLOC_FAILURE);	179	X509_EXTENSION_free(new_ext);
179	err2:	180	if (x != NULL && sk != *x)
180	if (new_ext != NULL)	181	sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
181	X509_EXTENSION_free(new_ext);	182
182	if (sk != NULL && x != NULL && sk != *x)
183	sk_X509_EXTENSION_free(sk);
184	return NULL;	183	return NULL;
185	}	184	}
186	LCRYPTO_ALIAS(X509v3_add_ext);	185	LCRYPTO_ALIAS(X509v3_add_ext);