From a53e20a6c040532f3fcfd5a73b1b493e8f09163a Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Thu, 19 Jun 2014 21:23:48 +0000
Subject: improve error checking. set error code on error, and check malloc
 return. add missing unlock in one case. ok lteo miod

---
 src/lib/libcrypto/x509/by_dir.c         | 15 +++++++++++++--
 src/lib/libssl/src/crypto/x509/by_dir.c | 15 +++++++++++++--
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 21aa464962..21ba0a7bc2 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: by_dir.c,v 1.27 2014/06/19 21:23:48 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -241,16 +241,20 @@ add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 				}
 			}
 			ent = malloc(sizeof(BY_DIR_ENTRY));
-			if (!ent)
+			if (!ent) {
+				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
 				return 0;
+			}
 			ent->dir_type = type;
 			ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
 			ent->dir = strdup(ss);
 			if (!ent->dir || !ent->hashes) {
+				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
 				by_dir_entry_free(ent);
 				return 0;
 			}
 			if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
+				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
 				by_dir_entry_free(ent);
 				return 0;
 			}
@@ -384,9 +388,16 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 			}
 			if (!hent) {
 				hent = malloc(sizeof(BY_DIR_HASH));
+				if (!hent) {
+					X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+					CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+					ok = 0;
+					goto finish;
+				}
 				hent->hash = h;
 				hent->suffix = k;
 				if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
+					X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
 					CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 					free(hent);
 					ok = 0;
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index 21aa464962..21ba0a7bc2 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: by_dir.c,v 1.27 2014/06/19 21:23:48 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -241,16 +241,20 @@ add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 				}
 			}
 			ent = malloc(sizeof(BY_DIR_ENTRY));
-			if (!ent)
+			if (!ent) {
+				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
 				return 0;
+			}
 			ent->dir_type = type;
 			ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
 			ent->dir = strdup(ss);
 			if (!ent->dir || !ent->hashes) {
+				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
 				by_dir_entry_free(ent);
 				return 0;
 			}
 			if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
+				X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
 				by_dir_entry_free(ent);
 				return 0;
 			}
@@ -384,9 +388,16 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 			}
 			if (!hent) {
 				hent = malloc(sizeof(BY_DIR_HASH));
+				if (!hent) {
+					X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+					CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+					ok = 0;
+					goto finish;
+				}
 				hent->hash = h;
 				hent->suffix = k;
 				if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
+					X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
 					CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 					free(hent);
 					ok = 0;
-- 
cgit v1.2.3-55-g6feb