From 32f3b98d1302d4c0950dc1bf94b50269b6edbd95 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Sun, 8 Oct 2017 20:10:13 +0200
Subject: crypto/x509v3/v3_utl.c, ssl/ssl_cert.c: fix Coverity problems.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4492)
---
 ssl/ssl_cert.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'ssl/ssl_cert.c')

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 008b58f4bd..9a1d936bb4 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -468,18 +468,20 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
         SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    if (!sk_X509_NAME_reserve(ret, num))
+    if (!sk_X509_NAME_reserve(ret, num)) {
+        sk_X509_NAME_free(ret);
         return NULL;
+    }
     for (i = 0; i < num; i++) {
         name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
         if (name == NULL) {
+            SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
             sk_X509_NAME_pop_free(ret, X509_NAME_free);
-            X509_NAME_free(name);
             return NULL;
         }
         sk_X509_NAME_push(ret, name);   /* Cannot fail after reserve call */
     }
-    return (ret);
+    return ret;
 }
 
 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
-- 
cgit v1.2.3