From 97bfa37faa9181b1505591dc921fcedae918dc1f Mon Sep 17 00:00:00 2001 From: miod <> Date: Sat, 14 Feb 2015 15:16:59 +0000 Subject: Check i2d_name_canon() for failure (negative return). Coverity CID 78888. ok doug@ jsing@ --- src/lib/libcrypto/asn1/x_name.c | 14 ++++++++------ src/lib/libssl/src/crypto/asn1/x_name.c | 14 ++++++++------ 2 files changed, 16 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c index 910110505d..c69c35534d 100644 --- a/src/lib/libcrypto/asn1/x_name.c +++ b/src/lib/libcrypto/asn1/x_name.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_name.c,v 1.26 2015/02/11 04:00:39 jsing Exp $ */ +/* $OpenBSD: x_name.c,v 1.27 2015/02/14 15:16:59 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -422,7 +422,7 @@ x509_name_canon(X509_NAME *a) STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; STACK_OF(X509_NAME_ENTRY) *entries = NULL; X509_NAME_ENTRY *entry, *tmpentry = NULL; - int i, set = -1, ret = 0; + int i, len, set = -1, ret = 0; if (a->canon_enc) { free(a->canon_enc); @@ -456,16 +456,18 @@ x509_name_canon(X509_NAME *a) } /* Finally generate encoding */ - a->canon_enclen = i2d_name_canon(intname, NULL); - p = malloc(a->canon_enclen); - if (!p) + len = i2d_name_canon(intname, NULL); + if (len < 0) + goto err; + p = malloc(len); + if (p == NULL) goto err; a->canon_enc = p; + a->canon_enclen = len; i2d_name_canon(intname, &p); ret = 1; err: - if (tmpentry) X509_NAME_ENTRY_free(tmpentry); if (intname) diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c index 910110505d..c69c35534d 100644 --- a/src/lib/libssl/src/crypto/asn1/x_name.c +++ b/src/lib/libssl/src/crypto/asn1/x_name.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_name.c,v 1.26 2015/02/11 04:00:39 jsing Exp $ */ +/* $OpenBSD: x_name.c,v 1.27 2015/02/14 15:16:59 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -422,7 +422,7 @@ x509_name_canon(X509_NAME *a) STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; STACK_OF(X509_NAME_ENTRY) *entries = NULL; X509_NAME_ENTRY *entry, *tmpentry = NULL; - int i, set = -1, ret = 0; + int i, len, set = -1, ret = 0; if (a->canon_enc) { free(a->canon_enc); @@ -456,16 +456,18 @@ x509_name_canon(X509_NAME *a) } /* Finally generate encoding */ - a->canon_enclen = i2d_name_canon(intname, NULL); - p = malloc(a->canon_enclen); - if (!p) + len = i2d_name_canon(intname, NULL); + if (len < 0) + goto err; + p = malloc(len); + if (p == NULL) goto err; a->canon_enc = p; + a->canon_enclen = len; i2d_name_canon(intname, &p); ret = 1; err: - if (tmpentry) X509_NAME_ENTRY_free(tmpentry); if (intname) -- cgit v1.2.3-55-g6feb