Add error checking to i2v_POLICY_CONSTRAINTS().

ok jsing
author: tb <> 2019-04-22 17:29:13 +0000
committer: tb <> 2019-04-22 17:29:13 +0000
commit: 307a924ed8f794bf3663e46968cdd7e0eabfd943 (patch)
tree: 0c15f9eca0dea2457b04f39e1a74d22a10b6e5d8 /src
parent: f57f4a881874c22a27e2ae41e4822b40b63187ee (diff)
download: openbsd-307a924ed8f794bf3663e46968cdd7e0eabfd943.tar.gz
openbsd-307a924ed8f794bf3663e46968cdd7e0eabfd943.tar.bz2
openbsd-307a924ed8f794bf3663e46968cdd7e0eabfd943.zip
1 files changed, 19 insertions, 5 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c
index 30487a4d18..8c490a19ab 100644
--- a/src/lib/libcrypto/x509v3/v3_pcons.c
+++ b/src/lib/libcrypto/x509v3/v3_pcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_pcons.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: v3_pcons.c,v 1.12 2019/04/22 17:29:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -133,12 +133,26 @@ i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
    STACK_OF(CONF_VALUE) *extlist)
 {
        POLICY_CONSTRAINTS *pcons = a;
+        STACK_OF(CONF_VALUE) *free_extlist = NULL;
+        if (extlist == NULL) {
+                if ((free_extlist = extlist = sk_CONF_VALUE_new_null()) == NULL)
+                        return NULL;
+        }
+        if (!X509V3_add_value_int("Require Explicit Policy",
+            pcons->requireExplicitPolicy, &extlist))
+                goto err;
+        if (!X509V3_add_value_int("Inhibit Policy Mapping",
+            pcons->inhibitPolicyMapping, &extlist))
+                goto err;
-        X509V3_add_value_int("Require Explicit Policy",
-            pcons->requireExplicitPolicy, &extlist);
-        X509V3_add_value_int("Inhibit Policy Mapping",
-            pcons->inhibitPolicyMapping, &extlist);
        return extlist;
+ err:
+        sk_CONF_VALUE_pop_free(free_extlist, X509V3_conf_free);
+        return NULL;
 }
 static void *
author	tb <>	2019-04-22 17:29:13 +0000
committer	tb <>	2019-04-22 17:29:13 +0000
commit	307a924ed8f794bf3663e46968cdd7e0eabfd943 (patch)
tree	0c15f9eca0dea2457b04f39e1a74d22a10b6e5d8 /src
parent	f57f4a881874c22a27e2ae41e4822b40b63187ee (diff)
download	openbsd-307a924ed8f794bf3663e46968cdd7e0eabfd943.tar.gz openbsd-307a924ed8f794bf3663e46968cdd7e0eabfd943.tar.bz2 openbsd-307a924ed8f794bf3663e46968cdd7e0eabfd943.zip

diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c index 30487a4d18..8c490a19ab 100644 --- a/src/lib/libcrypto/x509v3/v3_pcons.c +++ b/src/lib/libcrypto/x509v3/v3_pcons.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: v3_pcons.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */	1	/* $OpenBSD: v3_pcons.c,v 1.12 2019/04/22 17:29:13 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project.	3	* project.
4	*/	4	*/
@@ -133,12 +133,26 @@ i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD method, void a,
133	STACK_OF(CONF_VALUE) *extlist)	133	STACK_OF(CONF_VALUE) *extlist)
134	{	134	{
135	POLICY_CONSTRAINTS *pcons = a;	135	POLICY_CONSTRAINTS *pcons = a;
		136	STACK_OF(CONF_VALUE) *free_extlist = NULL;
		137
		138	if (extlist == NULL) {
		139	if ((free_extlist = extlist = sk_CONF_VALUE_new_null()) == NULL)
		140	return NULL;
		141	}
		142
		143	if (!X509V3_add_value_int("Require Explicit Policy",
		144	pcons->requireExplicitPolicy, &extlist))
		145	goto err;
		146	if (!X509V3_add_value_int("Inhibit Policy Mapping",
		147	pcons->inhibitPolicyMapping, &extlist))
		148	goto err;
136		149
137	X509V3_add_value_int("Require Explicit Policy",
138	pcons->requireExplicitPolicy, &extlist);
139	X509V3_add_value_int("Inhibit Policy Mapping",
140	pcons->inhibitPolicyMapping, &extlist);
141	return extlist;	150	return extlist;
		151
		152	err:
		153	sk_CONF_VALUE_pop_free(free_extlist, X509V3_conf_free);
		154
		155	return NULL;
142	}	156	}
143		157
144	static void *	158	static void *