2 files changed, 16 insertions, 12 deletions
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c
index fa0e161562..9e54f233ad 100644
--- a/src/lib/libcrypto/x509v3/pcy_tree.c
+++ b/src/lib/libcrypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.14 2015/07/15 17:02:03 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -669,7 +669,7 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
    STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids,
    unsigned int flags)
 {
-        int ret;
+        int ret, ret2;
        X509_POLICY_TREE *tree = NULL;
        STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
@@ -739,16 +739,18 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
        /* Tree is not empty: continue */
        ret = tree_calculate_authority_set(tree, &auth_nodes);
+        if (ret == 0)
-        if (!ret)
                goto error;
-        if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
+        ret2 = tree_calculate_user_set(tree, policy_oids, auth_nodes);
-                goto error;
+        /* Return value 2 means auth_nodes needs to be freed */
        if (ret == 2)
                sk_X509_POLICY_NODE_free(auth_nodes);
+        if (ret2 == 0)
+                goto error;
        if (tree)
                *ptree = tree;
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
index fa0e161562..9e54f233ad 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.14 2015/07/15 17:02:03 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -669,7 +669,7 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
    STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids,
    unsigned int flags)
 {
-        int ret;
+        int ret, ret2;
        X509_POLICY_TREE *tree = NULL;
        STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
@@ -739,16 +739,18 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
        /* Tree is not empty: continue */
        ret = tree_calculate_authority_set(tree, &auth_nodes);
+        if (ret == 0)
-        if (!ret)
                goto error;
-        if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
+        ret2 = tree_calculate_user_set(tree, policy_oids, auth_nodes);
-                goto error;
+        /* Return value 2 means auth_nodes needs to be freed */
        if (ret == 2)
                sk_X509_POLICY_NODE_free(auth_nodes);
+        if (ret2 == 0)
+                goto error;
        if (tree)
                *ptree = tree;

diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c index fa0e161562..9e54f233ad 100644 --- a/src/lib/libcrypto/x509v3/pcy_tree.c +++ b/src/lib/libcrypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pcy_tree.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */	1	/* $OpenBSD: pcy_tree.c,v 1.14 2015/07/15 17:02:03 miod Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.	3	* project 2004.
4	*/	4	*/
@@ -669,7 +669,7 @@ X509_policy_check(X509_POLICY_TREE *ptree, int pexplicit_policy,
669	STACK_OF(X509) certs, STACK_OF(ASN1_OBJECT) policy_oids,	669	STACK_OF(X509) certs, STACK_OF(ASN1_OBJECT) policy_oids,
670	unsigned int flags)	670	unsigned int flags)
671	{	671	{
672	int ret;	672	int ret, ret2;
673	X509_POLICY_TREE *tree = NULL;	673	X509_POLICY_TREE *tree = NULL;
674	STACK_OF(X509_POLICY_NODE) nodes, auth_nodes = NULL;	674	STACK_OF(X509_POLICY_NODE) nodes, auth_nodes = NULL;
675		675
@@ -739,16 +739,18 @@ X509_policy_check(X509_POLICY_TREE *ptree, int pexplicit_policy,
739	/* Tree is not empty: continue */	739	/* Tree is not empty: continue */
740		740
741	ret = tree_calculate_authority_set(tree, &auth_nodes);	741	ret = tree_calculate_authority_set(tree, &auth_nodes);
742		742	if (ret == 0)
743	if (!ret)
744	goto error;	743	goto error;
745		744
746	if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))	745	ret2 = tree_calculate_user_set(tree, policy_oids, auth_nodes);
747	goto error;
748		746
		747	/* Return value 2 means auth_nodes needs to be freed */
749	if (ret == 2)	748	if (ret == 2)
750	sk_X509_POLICY_NODE_free(auth_nodes);	749	sk_X509_POLICY_NODE_free(auth_nodes);
751		750
		751	if (ret2 == 0)
		752	goto error;
		753
752	if (tree)	754	if (tree)
753	*ptree = tree;	755	*ptree = tree;
754		756


diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c index fa0e161562..9e54f233ad 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pcy_tree.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */	1	/* $OpenBSD: pcy_tree.c,v 1.14 2015/07/15 17:02:03 miod Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.	3	* project 2004.
4	*/	4	*/
@@ -669,7 +669,7 @@ X509_policy_check(X509_POLICY_TREE *ptree, int pexplicit_policy,
669	STACK_OF(X509) certs, STACK_OF(ASN1_OBJECT) policy_oids,	669	STACK_OF(X509) certs, STACK_OF(ASN1_OBJECT) policy_oids,
670	unsigned int flags)	670	unsigned int flags)
671	{	671	{
672	int ret;	672	int ret, ret2;
673	X509_POLICY_TREE *tree = NULL;	673	X509_POLICY_TREE *tree = NULL;
674	STACK_OF(X509_POLICY_NODE) nodes, auth_nodes = NULL;	674	STACK_OF(X509_POLICY_NODE) nodes, auth_nodes = NULL;
675		675
@@ -739,16 +739,18 @@ X509_policy_check(X509_POLICY_TREE *ptree, int pexplicit_policy,
739	/* Tree is not empty: continue */	739	/* Tree is not empty: continue */
740		740
741	ret = tree_calculate_authority_set(tree, &auth_nodes);	741	ret = tree_calculate_authority_set(tree, &auth_nodes);
742		742	if (ret == 0)
743	if (!ret)
744	goto error;	743	goto error;
745		744
746	if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))	745	ret2 = tree_calculate_user_set(tree, policy_oids, auth_nodes);
747	goto error;
748		746
		747	/* Return value 2 means auth_nodes needs to be freed */
749	if (ret == 2)	748	if (ret == 2)
750	sk_X509_POLICY_NODE_free(auth_nodes);	749	sk_X509_POLICY_NODE_free(auth_nodes);
751		750
		751	if (ret2 == 0)
		752	goto error;
		753
752	if (tree)	754	if (tree)
753	*ptree = tree;	755	*ptree = tree;
754		756