From 11c68ceaa6bd93f4c2de4ae34bb1852729447d45 Mon Sep 17 00:00:00 2001
From: Rob Percival <robpercival@google.com>
Date: Mon, 15 Aug 2016 14:47:02 +0100
Subject: Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
---
 crypto/ct/ct_policy.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

(limited to 'crypto/ct')

diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
index 3c8411c0e4..8bc9133fbf 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -35,16 +35,20 @@ void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
     OPENSSL_free(ctx);
 }
 
-void CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
 {
-    if (X509_up_ref(cert))
-        ctx->cert = cert;
+    if (!X509_up_ref(cert))
+        return 0;
+    ctx->cert = cert;
+    return 1;
 }
 
-void CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
 {
-    if (X509_up_ref(issuer))
-        ctx->issuer = issuer;
+    if (!X509_up_ref(issuer))
+        return 0;
+    ctx->issuer = issuer;
+    return 1;
 }
 
 void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
-- 
cgit v1.2.3