x509: add ASN1_STRING_set() check result

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21497)
author: atishkov <a.tishkov@aladdin.ru> 2023-07-20 11:02:38 +0300
committer: Pauli <pauli@openssl.org> 2023-07-25 12:08:14 +1000
commit: 46e95903762f0cc478d8a3c252390fa7312bba6e (patch)
tree: dec90a27ecb30c5a0d3a973cd4c98d881de39b03 /crypto
parent: 833840be9784205691105e197d71529ed0ddfdc4 (diff)
1 files changed, 13 insertions, 18 deletions
diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c
index cb3a68cf40..c30725dc48 100644
--- a/crypto/x509/v3_ist.c
+++ b/crypto/x509/v3_ist.c
@@ -50,43 +50,38 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
         }
         if (strcmp(cnf->name, "signTool") == 0) {
             ist->signTool = ASN1_UTF8STRING_new();
-            if (ist->signTool == NULL) {
+            if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
-                ISSUER_SIGN_TOOL_free(ist);
-                return NULL;
+                goto err;
             }
-            ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value));
         } else if (strcmp(cnf->name, "cATool") == 0) {
             ist->cATool = ASN1_UTF8STRING_new();
-            if (ist->cATool == NULL) {
+            if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
-                ISSUER_SIGN_TOOL_free(ist);
-                return NULL;
+                goto err;
             }
-            ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value));
         } else if (strcmp(cnf->name, "signToolCert") == 0) {
             ist->signToolCert = ASN1_UTF8STRING_new();
-            if (ist->signToolCert == NULL) {
+            if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
-                ISSUER_SIGN_TOOL_free(ist);
-                return NULL;
+                goto err;
             }
-            ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value));
         } else if (strcmp(cnf->name, "cAToolCert") == 0) {
             ist->cAToolCert = ASN1_UTF8STRING_new();
-            if (ist->cAToolCert == NULL) {
+            if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
-                ISSUER_SIGN_TOOL_free(ist);
-                return NULL;
+                goto err;
             }
-            ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value));
         } else {
             ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
-            ISSUER_SIGN_TOOL_free(ist);
-            return NULL;
+            goto err;
         }
     }
     return ist;
+
+err:
+    ISSUER_SIGN_TOOL_free(ist);
+    return NULL;
 }
 
 static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,
author	atishkov <a.tishkov@aladdin.ru>	2023-07-20 11:02:38 +0300
committer	Pauli <pauli@openssl.org>	2023-07-25 12:08:14 +1000
commit	46e95903762f0cc478d8a3c252390fa7312bba6e (patch)
tree	dec90a27ecb30c5a0d3a973cd4c98d881de39b03 /crypto
parent	833840be9784205691105e197d71529ed0ddfdc4 (diff)