From 0d65d2118b0232bebdc91dae5db25ff9bceb06c1 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Mon, 14 Sep 2020 12:33:51 +0000
Subject: Set error if we are given an NULL ctx in x509_verify, and set error
 to X509_V_ERR_OUT_OF_MEM instead of UNSPECIFIED in chain_append when
 allocation fails.

noticed by ingo@
ok tb@
---
 src/lib/libcrypto/x509/x509_verify.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 80af892d8a..431f5ab1bc 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.5 2020/09/14 12:00:55 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.6 2020/09/14 12:33:51 beck Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -108,7 +108,7 @@ x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert,
 	X509_up_ref(cert);
 	if (!sk_X509_push(chain->certs, cert)) {
 		X509_free(cert);
-		*error = X509_V_ERR_UNSPECIFIED;
+		*error = X509_V_ERR_OUT_OF_MEM;
 		return 0;
 	}
 	return 1;
@@ -833,9 +833,7 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
 {
 	struct x509_verify_chain *current_chain;
 
-	if (ctx == NULL)
-		return 0;
-	if (ctx->roots == NULL || ctx->max_depth == 0) {
+	if (ctx == NULL || ctx->roots == NULL || ctx->max_depth == 0) {
 		ctx->error = X509_V_ERR_INVALID_CALL;
 		return 0;
 	}
-- 
cgit v1.2.3-55-g6feb