2 files changed, 46 insertions, 30 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index f104c1fd16..544fb5e884 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.16 2014/09/28 10:52:59 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -190,17 +190,20 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
                        return 0;
                }
                trtmp->flags = X509_TRUST_DYNAMIC;
-        } else
+        } else {
                trtmp = X509_TRUST_get0(idx);
+                if (trtmp == NULL) {
+                        X509err(X509_F_X509_TRUST_ADD, X509_R_INVALID_TRUST);
+                        return 0;
+                }
+        }
        /* free existing name if dynamic */
        if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
                free(trtmp->name);
        /* dup supplied name */
-        if (!(trtmp->name = BUF_strdup(name))) {
+        if ((trtmp->name = BUF_strdup(name)) == NULL)
-                X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+                goto err;
-                return 0;
-        }
        /* Keep the dynamic flag of existing entry */
        trtmp->flags &= X509_TRUST_DYNAMIC;
        /* Set all other flags */
@@ -211,18 +214,23 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
        trtmp->arg1 = arg1;
        trtmp->arg2 = arg2;
-        /* If its a new entry manage the dynamic table */
+        /* If it's a new entry, manage the dynamic table */
        if (idx == -1) {
-                if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+                if (trtable == NULL &&
-                        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+                    (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL)
-                        return 0;
+                        goto err;
-                }
+                if (sk_X509_TRUST_push(trtable, trtmp) == 0)
-                if (!sk_X509_TRUST_push(trtable, trtmp)) {
+                        goto err;
-                        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
        }
        return 1;
+err:
+        if (idx == -1) {
+                free(trtmp->name);
+                free(trtmp);
+        }
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
 }
 static void
diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c
index f104c1fd16..544fb5e884 100644
--- a/src/lib/libssl/src/crypto/x509/x509_trs.c
+++ b/src/lib/libssl/src/crypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.16 2014/09/28 10:52:59 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -190,17 +190,20 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
                        return 0;
                }
                trtmp->flags = X509_TRUST_DYNAMIC;
-        } else
+        } else {
                trtmp = X509_TRUST_get0(idx);
+                if (trtmp == NULL) {
+                        X509err(X509_F_X509_TRUST_ADD, X509_R_INVALID_TRUST);
+                        return 0;
+                }
+        }
        /* free existing name if dynamic */
        if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
                free(trtmp->name);
        /* dup supplied name */
-        if (!(trtmp->name = BUF_strdup(name))) {
+        if ((trtmp->name = BUF_strdup(name)) == NULL)
-                X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+                goto err;
-                return 0;
-        }
        /* Keep the dynamic flag of existing entry */
        trtmp->flags &= X509_TRUST_DYNAMIC;
        /* Set all other flags */
@@ -211,18 +214,23 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
        trtmp->arg1 = arg1;
        trtmp->arg2 = arg2;
-        /* If its a new entry manage the dynamic table */
+        /* If it's a new entry, manage the dynamic table */
        if (idx == -1) {
-                if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+                if (trtable == NULL &&
-                        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+                    (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL)
-                        return 0;
+                        goto err;
-                }
+                if (sk_X509_TRUST_push(trtable, trtmp) == 0)
-                if (!sk_X509_TRUST_push(trtable, trtmp)) {
+                        goto err;
-                        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
        }
        return 1;
+err:
+        if (idx == -1) {
+                free(trtmp->name);
+                free(trtmp);
+        }
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
 }
 static void