Error check sk_push() in crl2p7

also remove a few NULL checks before free and drop a cryptic comment about not needing to free x - hard to free what's not there... ok jsing
author: tb <> 2024-12-26 14:07:58 +0000
committer: tb <> 2024-12-26 14:07:58 +0000
commit: d0eec8887c87cce3ccbfa36a7ec07c2759fafa9c (patch)
tree: 33f3823c2973a9e1d83cdda29ba6344465b3192c /src
parent: 6e018de4bbd1349c71547b01c7f6830b5662c240 (diff)
download: openbsd-d0eec8887c87cce3ccbfa36a7ec07c2759fafa9c.tar.gz
openbsd-d0eec8887c87cce3ccbfa36a7ec07c2759fafa9c.tar.bz2
openbsd-d0eec8887c87cce3ccbfa36a7ec07c2759fafa9c.zip
1 files changed, 21 insertions, 23 deletions
diff --git a/src/usr.bin/openssl/crl2p7.c b/src/usr.bin/openssl/crl2p7.c
index dfbc896a21..697d9ca96c 100644
--- a/src/usr.bin/openssl/crl2p7.c
+++ b/src/usr.bin/openssl/crl2p7.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crl2p7.c,v 1.11 2023/03/06 14:32:05 tb Exp $ */
+/* $OpenBSD: crl2p7.c,v 1.12 2024/12/26 14:07:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -229,8 +229,9 @@ crl2pkcs7_main(int argc, char **argv)
                goto end;
        p7s->crl = crl_stack;
        if (crl != NULL) {
-                sk_X509_CRL_push(crl_stack, crl);
+                if (!sk_X509_CRL_push(crl_stack, crl))
-                crl = NULL;     /* now part of p7 for freeing */
+                        goto end;
+                crl = NULL;
        }
        if ((cert_stack = sk_X509_new_null()) == NULL)
                goto end;
@@ -248,8 +249,6 @@ crl2pkcs7_main(int argc, char **argv)
                }
        }
-        sk_OPENSSL_STRING_free(cfg.certflst);
        if (cfg.outfile == NULL) {
                BIO_set_fp(out, stdout, BIO_NOCLOSE);
        } else {
@@ -273,19 +272,17 @@ crl2pkcs7_main(int argc, char **argv)
                ERR_print_errors(bio_err);
                goto end;
        }
        ret = 0;
 end:
-        if (in != NULL)
+        BIO_free(in);
-                BIO_free(in);
+        BIO_free_all(out);
-        if (out != NULL)
+        PKCS7_free(p7);
-                BIO_free_all(out);
+        X509_CRL_free(crl);
-        if (p7 != NULL)
+        sk_OPENSSL_STRING_free(cfg.certflst);
-                PKCS7_free(p7);
-        if (crl != NULL)
-                X509_CRL_free(crl);
-        return (ret);
+        return ret;
 }
 static int
@@ -295,7 +292,7 @@ add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
        int count = 0;
        int ret = -1;
        STACK_OF(X509_INFO) *sk = NULL;
-        X509_INFO *xi;
+        X509_INFO *xi = NULL;
        in = BIO_new(BIO_s_file());
        if (in == NULL || BIO_read_filename(in, certfile) <= 0) {
@@ -309,23 +306,24 @@ add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
                goto end;
        }
        /* scan over it and pull out the CRL's */
-        while (sk_X509_INFO_num(sk)) {
+        while (sk_X509_INFO_num(sk) > 0) {
                xi = sk_X509_INFO_shift(sk);
                if (xi->x509 != NULL) {
-                        sk_X509_push(stack, xi->x509);
+                        if (!sk_X509_push(stack, xi->x509))
+                                goto end;
                        xi->x509 = NULL;
                        count++;
                }
                X509_INFO_free(xi);
+                xi = NULL;
        }
        ret = count;
 end:
-        /* never need to free x */
+        BIO_free(in);
-        if (in != NULL)
+        X509_INFO_free(xi);
-                BIO_free(in);
+        sk_X509_INFO_free(sk);
-        if (sk != NULL)
-                sk_X509_INFO_free(sk);
+        return ret;
-        return (ret);
 }
author	tb <>	2024-12-26 14:07:58 +0000
committer	tb <>	2024-12-26 14:07:58 +0000
commit	d0eec8887c87cce3ccbfa36a7ec07c2759fafa9c (patch)
tree	33f3823c2973a9e1d83cdda29ba6344465b3192c /src
parent	6e018de4bbd1349c71547b01c7f6830b5662c240 (diff)
download	openbsd-d0eec8887c87cce3ccbfa36a7ec07c2759fafa9c.tar.gz openbsd-d0eec8887c87cce3ccbfa36a7ec07c2759fafa9c.tar.bz2 openbsd-d0eec8887c87cce3ccbfa36a7ec07c2759fafa9c.zip

diff --git a/src/usr.bin/openssl/crl2p7.c b/src/usr.bin/openssl/crl2p7.c index dfbc896a21..697d9ca96c 100644 --- a/src/usr.bin/openssl/crl2p7.c +++ b/src/usr.bin/openssl/crl2p7.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: crl2p7.c,v 1.11 2023/03/06 14:32:05 tb Exp $ */	1	/* $OpenBSD: crl2p7.c,v 1.12 2024/12/26 14:07:58 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -229,8 +229,9 @@ crl2pkcs7_main(int argc, char **argv)
229	goto end;	229	goto end;
230	p7s->crl = crl_stack;	230	p7s->crl = crl_stack;
231	if (crl != NULL) {	231	if (crl != NULL) {
232	sk_X509_CRL_push(crl_stack, crl);	232	if (!sk_X509_CRL_push(crl_stack, crl))
233	crl = NULL; /* now part of p7 for freeing */	233	goto end;
		234	crl = NULL;
234	}	235	}
235	if ((cert_stack = sk_X509_new_null()) == NULL)	236	if ((cert_stack = sk_X509_new_null()) == NULL)
236	goto end;	237	goto end;
@@ -248,8 +249,6 @@ crl2pkcs7_main(int argc, char **argv)
248	}	249	}
249	}	250	}
250		251
251	sk_OPENSSL_STRING_free(cfg.certflst);
252
253	if (cfg.outfile == NULL) {	252	if (cfg.outfile == NULL) {
254	BIO_set_fp(out, stdout, BIO_NOCLOSE);	253	BIO_set_fp(out, stdout, BIO_NOCLOSE);
255	} else {	254	} else {
@@ -273,19 +272,17 @@ crl2pkcs7_main(int argc, char **argv)
273	ERR_print_errors(bio_err);	272	ERR_print_errors(bio_err);
274	goto end;	273	goto end;
275	}	274	}
		275
276	ret = 0;	276	ret = 0;
277		277
278	end:	278	end:
279	if (in != NULL)	279	BIO_free(in);
280	BIO_free(in);	280	BIO_free_all(out);
281	if (out != NULL)	281	PKCS7_free(p7);
282	BIO_free_all(out);	282	X509_CRL_free(crl);
283	if (p7 != NULL)	283	sk_OPENSSL_STRING_free(cfg.certflst);
284	PKCS7_free(p7);
285	if (crl != NULL)
286	X509_CRL_free(crl);
287		284
288	return (ret);	285	return ret;
289	}	286	}
290		287
291	static int	288	static int
@@ -295,7 +292,7 @@ add_certs_from_file(STACK_OF(X509) stack, char certfile)
295	int count = 0;	292	int count = 0;
296	int ret = -1;	293	int ret = -1;
297	STACK_OF(X509_INFO) *sk = NULL;	294	STACK_OF(X509_INFO) *sk = NULL;
298	X509_INFO *xi;	295	X509_INFO *xi = NULL;
299		296
300	in = BIO_new(BIO_s_file());	297	in = BIO_new(BIO_s_file());
301	if (in == NULL \|\| BIO_read_filename(in, certfile) <= 0) {	298	if (in == NULL \|\| BIO_read_filename(in, certfile) <= 0) {
@@ -309,23 +306,24 @@ add_certs_from_file(STACK_OF(X509) stack, char certfile)
309	goto end;	306	goto end;
310	}	307	}
311	/* scan over it and pull out the CRL's */	308	/* scan over it and pull out the CRL's */
312	while (sk_X509_INFO_num(sk)) {	309	while (sk_X509_INFO_num(sk) > 0) {
313	xi = sk_X509_INFO_shift(sk);	310	xi = sk_X509_INFO_shift(sk);
314	if (xi->x509 != NULL) {	311	if (xi->x509 != NULL) {
315	sk_X509_push(stack, xi->x509);	312	if (!sk_X509_push(stack, xi->x509))
		313	goto end;
316	xi->x509 = NULL;	314	xi->x509 = NULL;
317	count++;	315	count++;
318	}	316	}
319	X509_INFO_free(xi);	317	X509_INFO_free(xi);
		318	xi = NULL;
320	}	319	}
321		320
322	ret = count;	321	ret = count;
323		322
324	end:	323	end:
325	/* never need to free x */	324	BIO_free(in);
326	if (in != NULL)	325	X509_INFO_free(xi);
327	BIO_free(in);	326	sk_X509_INFO_free(sk);
328	if (sk != NULL)	327
329	sk_X509_INFO_free(sk);	328	return ret;
330	return (ret);
331	}	329	}