From 63eec788b454a03bda0826cf41f02edb6771089c Mon Sep 17 00:00:00 2001
From: beck <>
Date: Fri, 11 Sep 2015 18:07:06 +0000
Subject: fix unchecked mallocs - coverity 130454 and 130455 ok jsing@

---
 src/usr.bin/openssl/ca.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

(limited to 'src/usr.bin/openssl/ca.c')

diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index 254d551aa5..0a02c910d9 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.12 2015/09/11 14:30:23 bcook Exp $ */
+/* $OpenBSD: ca.c,v 1.13 2015/09/11 18:07:06 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1779,7 +1779,8 @@ again2:
 	if (!X509_set_version(ret, 2))
 		goto err;
 #endif
-
+	if (ci->serialNumber == NULL)
+		goto err;
 	if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL)
 		goto err;
 	if (selfsign) {
@@ -1929,6 +1930,11 @@ again2:
 
 	tm = X509_get_notAfter(ret);
 	row[DB_exp_date] = malloc(tm->length + 1);
+	if (row[DB_exp_date] == NULL) {
+		BIO_printf(bio_err, "Memory allocation failure\n");
+		goto err;
+	}
+
 	memcpy(row[DB_exp_date], tm->data, tm->length);
 	row[DB_exp_date][tm->length] = '\0';
 
@@ -1938,8 +1944,8 @@ again2:
 	row[DB_file] = malloc(8);
 	row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
 
-	if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-	    (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+	if ((row[DB_type] == NULL) || (row[DB_file] == NULL) ||
+	    (row[DB_name] == NULL)) {
 		BIO_printf(bio_err, "Memory allocation failure\n");
 		goto err;
 	}
@@ -2177,6 +2183,10 @@ do_revoke(X509 * x509, CA_DB * db, int type, char *value)
 
 		tm = X509_get_notAfter(x509);
 		row[DB_exp_date] = malloc(tm->length + 1);
+		if (row[DB_exp_date] == NULL) {
+			BIO_printf(bio_err, "Memory allocation failure\n");
+			goto err;
+		}
 		memcpy(row[DB_exp_date], tm->data, tm->length);
 		row[DB_exp_date][tm->length] = '\0';
 
@@ -2187,8 +2197,7 @@ do_revoke(X509 * x509, CA_DB * db, int type, char *value)
 
 		/* row[DB_name] done already */
 
-		if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-		    (row[DB_file] == NULL)) {
+		if ((row[DB_type] == NULL) || (row[DB_file] == NULL)) {
 			BIO_printf(bio_err, "Memory allocation failure\n");
 			goto err;
 		}
-- 
cgit v1.2.3-55-g6feb