author | raja-ashok <rashok.svks@gmail.com> | 2019-12-03 19:31:49 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2019-12-03 19:31:49 +1000 |
commit | 59ae04d74a57cf791af510a717b5822950a0f875 (patch) | |
tree | d368236e64b414068280e5bfb9aae929e35fe8d0 /crypto | |
parent | be3acd799bfd0fb09ea934e4984ec9eda19d8b8f (diff) |
Set argument only after successful dup on CMP APIs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10511)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cmp/cmp_ctx.c | 23 | ||||
-rw-r--r-- | crypto/cmp/cmp_util.c | 8 |
2 files changed, 23 insertions, 8 deletions
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index 4a70b33ee7..89ecab1413 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -68,14 +68,21 @@ STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx)
 */
 int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
 {
+ STACK_OF(X509) *untrusted_certs;
 if (ctx == NULL) {
 CMPerr(0, CMP_R_NULL_ARGUMENT);
 return 0;
 }
- sk_X509_pop_free(ctx->untrusted_certs, X509_free);
- if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL)
+ if ((untrusted_certs = sk_X509_new_null()) == NULL)
 return 0;
- return ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, certs, 0, 1, 0);
+ if (ossl_cmp_sk_X509_add1_certs(untrusted_certs, certs, 0, 1, 0) != 1)
+ goto err;
+ sk_X509_pop_free(ctx->untrusted_certs, X509_free);
+ ctx->untrusted_certs = untrusted_certs;
+ return 1;
+err:
+ sk_X509_pop_free(untrusted_certs, X509_free);
+ return 0;
 }
 /*
@@ -373,13 +380,19 @@ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, const int len)
 {
+ ASN1_OCTET_STRING *secretValue = NULL;
 if (ctx == NULL) {
 CMPerr(0, CMP_R_NULL_ARGUMENT);
 return 0;
 }
- if (ctx->secretValue != NULL)
+ if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1)
+ return 0;
+ if (ctx->secretValue != NULL) {
 OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length);
- return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->secretValue, sec, len);
+ ASN1_OCTET_STRING_free(ctx->secretValue);
+ }
+ ctx->secretValue = secretValue;
+ return 1;
 }
 /*
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index 9490496cbe..0390c23e66 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
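Review bot: The comment above `OSSL_CMP_CTX_set1_untrusted_certs` (it begins outside this hunk) should state the guarantee the rewritten body now gives: when 0 is returned, `ctx->untrusted_certs` still holds the previous list instead of an empty or partly filled one. A sentence such as `On failure the untrusted certificate list already stored in ctx is left unchanged.` would let callers rely on it. This matters for this field because a half-populated list could change which chains can be built later; that is inferred from the field name, since the users of the list are not visible here. As a style point, the `err:` label is added in column 0 and the new declaration of `untrusted_certs` is followed directly by the `if (ctx == NULL)` check; a one-space indent on the label and a blank line after the declaration would match the usual OpenSSL layout, to be confirmed against the project's style guide.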
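Review bot: `len` is a signed `int`, and the new call `ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len)` forwards it without a range check, so a negative length supplied by a caller reaches the helper unchanged. The helper's body is not part of this diff; if it ends in `ASN1_OCTET_STRING_set()`, a negative length (documented for -1) makes that function measure `sec` with `strlen()`, which is wrong for a binary shared secret that need not be NUL-terminated. Rejecting `len < 0` next to the `ctx == NULL` check, raising an error through `CMPerr` as that check does, would settle this in the public setter. The cleanse-then-free block would also read better with a one-line comment, for example `/* wipe the old secret before freeing it; if the copy above failed, ctx keeps the previous secret */`.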
@@ -408,21 +408,23 @@ STACK_OF(X509) *ossl_cmp_build_cert_chain(STACK_OF(X509) *certs, X509 *cert)
 int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, const ASN1_OCTET_STRING *src)
 {
+ ASN1_OCTET_STRING *new;
 if (tgt == NULL) {
 CMPerr(0, CMP_R_NULL_ARGUMENT);
 return 0;
 }
 if (*tgt == src) /* self-assignment */
 return 1;
- ASN1_OCTET_STRING_free(*tgt);
 if (src != NULL) {
- if ((*tgt = ASN1_OCTET_STRING_dup(src)) == NULL)
+ if ((new = ASN1_OCTET_STRING_dup(src)) == NULL)
 return 0;
 } else {
- *tgt = NULL;
+ new = NULL;
 }
+ ASN1_OCTET_STRING_free(*tgt);
+ *tgt = new;
 return 1;
 }
|
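Review bot: `ASN1_OCTET_STRING_free(*tgt)` releases the old value without wiping it, whereas `OSSL_CMP_CTX_set1_secretValue` in this same commit calls `OPENSSL_cleanse` on the old buffer before freeing, so this helper is not suitable for targets that hold secret material. The function comment (above the hunk, not visible here) should say so, for example `The previous *tgt is freed but not cleansed; callers storing secrets must wipe it first.`, and should also record the new guarantee that `*tgt` is left untouched when 0 is returned. Separately, the added local is named `new`, which is a C++ keyword; a neutral name such as `copy` avoids trouble if this code is ever built or analysed with C++ tooling.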