1 files changed, 23 insertions, 24 deletions
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index cca74e734a..b0a30db2e8 100644
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_v3.c,v 1.33 2024/07/12 08:46:45 tb Exp $ */
+/* $OpenBSD: x509_v3.c,v 1.34 2024/07/12 08:58:59 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -145,42 +145,41 @@ LCRYPTO_ALIAS(X509v3_delete_ext);
 STACK_OF(X509_EXTENSION) *
 X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ext, int loc)
 {
-        X509_EXTENSION *new_ext = NULL;
-        int n;
        STACK_OF(X509_EXTENSION) *sk = NULL;
+        X509_EXTENSION *new_ext = NULL;
+        /*
+         * XXX - Nonsense from the poorly reviewed OpenSSL c755c5fd8ba (2005).
+         * This check should have been joined with the next check, i.e., if no
+         * stack was passed in, a new one should be created and returned.
+         */
        if (x == NULL) {
                X509error(ERR_R_PASSED_NULL_PARAMETER);
-                goto err2;
+                goto err;
        }
-        if (*x == NULL) {
+        if ((sk = *x) == NULL)
-                if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
+                sk = sk_X509_EXTENSION_new_null();
-                        goto err;
+        if (sk == NULL) {
-        } else
+                X509error(ERR_R_MALLOC_FAILURE);
-                sk= *x;
+                goto err;
+        }
-        n = sk_X509_EXTENSION_num(sk);
-        if (loc > n)
-                loc = n;
-        else if (loc < 0)
-                loc = n;
        if ((new_ext = X509_EXTENSION_dup(ext)) == NULL)
-                goto err2;
+                goto err;
        if (!sk_X509_EXTENSION_insert(sk, new_ext, loc))
                goto err;
-        if (*x == NULL)
+        new_ext = NULL;
-                *x = sk;
+        *x = sk;
        return sk;
 err:
-        X509error(ERR_R_MALLOC_FAILURE);
+        X509_EXTENSION_free(new_ext);
- err2:
+        if (x != NULL && sk != *x)
-        if (new_ext != NULL)
+                sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
-                X509_EXTENSION_free(new_ext);
-        if (sk != NULL && x != NULL && sk != *x)
-                sk_X509_EXTENSION_free(sk);
        return NULL;
 }
 LCRYPTO_ALIAS(X509v3_add_ext);

diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c index cca74e734a..b0a30db2e8 100644 --- a/src/lib/libcrypto/x509/x509_v3.c +++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_v3.c,v 1.33 2024/07/12 08:46:45 tb Exp $ */	1	/* $OpenBSD: x509_v3.c,v 1.34 2024/07/12 08:58:59 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -145,42 +145,41 @@ LCRYPTO_ALIAS(X509v3_delete_ext);
145	STACK_OF(X509_EXTENSION) *	145	STACK_OF(X509_EXTENSION) *
146	X509v3_add_ext(STACK_OF(X509_EXTENSION) *x, X509_EXTENSION ext, int loc)	146	X509v3_add_ext(STACK_OF(X509_EXTENSION) *x, X509_EXTENSION ext, int loc)
147	{	147	{
148	X509_EXTENSION *new_ext = NULL;
149	int n;
150	STACK_OF(X509_EXTENSION) *sk = NULL;	148	STACK_OF(X509_EXTENSION) *sk = NULL;
		149	X509_EXTENSION *new_ext = NULL;
151		150
		151	/*
		152	* XXX - Nonsense from the poorly reviewed OpenSSL c755c5fd8ba (2005).
		153	* This check should have been joined with the next check, i.e., if no
		154	* stack was passed in, a new one should be created and returned.
		155	*/
152	if (x == NULL) {	156	if (x == NULL) {
153	X509error(ERR_R_PASSED_NULL_PARAMETER);	157	X509error(ERR_R_PASSED_NULL_PARAMETER);
154	goto err2;	158	goto err;
155	}	159	}
156		160
157	if (*x == NULL) {	161	if ((sk = *x) == NULL)
158	if ((sk = sk_X509_EXTENSION_new_null()) == NULL)	162	sk = sk_X509_EXTENSION_new_null();
159	goto err;	163	if (sk == NULL) {
160	} else	164	X509error(ERR_R_MALLOC_FAILURE);
161	sk= *x;	165	goto err;
162		166	}
163	n = sk_X509_EXTENSION_num(sk);
164	if (loc > n)
165	loc = n;
166	else if (loc < 0)
167	loc = n;
168		167
169	if ((new_ext = X509_EXTENSION_dup(ext)) == NULL)	168	if ((new_ext = X509_EXTENSION_dup(ext)) == NULL)
170	goto err2;	169	goto err;
171	if (!sk_X509_EXTENSION_insert(sk, new_ext, loc))	170	if (!sk_X509_EXTENSION_insert(sk, new_ext, loc))
172	goto err;	171	goto err;
173	if (*x == NULL)	172	new_ext = NULL;
174	*x = sk;	173
		174	*x = sk;
		175
175	return sk;	176	return sk;
176		177
177	err:	178	err:
178	X509error(ERR_R_MALLOC_FAILURE);	179	X509_EXTENSION_free(new_ext);
179	err2:	180	if (x != NULL && sk != *x)
180	if (new_ext != NULL)	181	sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
181	X509_EXTENSION_free(new_ext);	182
182	if (sk != NULL && x != NULL && sk != *x)
183	sk_X509_EXTENSION_free(sk);
184	return NULL;	183	return NULL;
185	}	184	}
186	LCRYPTO_ALIAS(X509v3_add_ext);	185	LCRYPTO_ALIAS(X509v3_add_ext);