Set argument only after successful dup on CMP APIs

author raja-ashok <rashok.svks@gmail.com>

Tue, 3 Dec 2019 09:31:49 +0000 (19:31 +1000)

committer Pauli <paul.dale@oracle.com>

Tue, 3 Dec 2019 09:31:49 +0000 (19:31 +1000)
author raja-ashok <rashok.svks@gmail.com>
Tue, 3 Dec 2019 09:31:49 +0000 (19:31 +1000)
committer Pauli <paul.dale@oracle.com>
Tue, 3 Dec 2019 09:31:49 +0000 (19:31 +1000)
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c

index 4a70b33ee71b0e1a5e1c761e4726b961a36f2395..89ecab14131ab7e619579c4394cabf208237eb47 100644 (file)
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -68,14 +68,21 @@ STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx)
   */
  int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
  {
+    STACK_OF(X509) *untrusted_certs;
      if (ctx == NULL) {
          CMPerr(0, CMP_R_NULL_ARGUMENT);
          return 0;
      }
-    sk_X509_pop_free(ctx->untrusted_certs, X509_free);
-    if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL)
+    if ((untrusted_certs = sk_X509_new_null()) == NULL)
          return 0;
-    return ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, certs, 0, 1, 0);
+    if (ossl_cmp_sk_X509_add1_certs(untrusted_certs, certs, 0, 1, 0) != 1)
+        goto err;
+    sk_X509_pop_free(ctx->untrusted_certs, X509_free);
+    ctx->untrusted_certs = untrusted_certs;
+    return 1;
+err:
+    sk_X509_pop_free(untrusted_certs, X509_free);
+    return 0;
  }
  
  /*
@@ -373,13 +380,19 @@ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
  int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
                                    const int len)
  {
+    ASN1_OCTET_STRING *secretValue = NULL;
      if (ctx == NULL) {
          CMPerr(0, CMP_R_NULL_ARGUMENT);
          return 0;
      }
-    if (ctx->secretValue != NULL)
+    if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1)
+        return 0;
+    if (ctx->secretValue != NULL) {
          OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length);
-    return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->secretValue, sec, len);
+        ASN1_OCTET_STRING_free(ctx->secretValue);
+    }
+    ctx->secretValue = secretValue;
+    return 1;
  }
  
  /*
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c

index 9490496cbee135e45bcaf3e246c717534125b280..0390c23e66ce178db2596522ca0051bef8cd1184 100644 (file)
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -408,21 +408,23 @@ STACK_OF(X509) *ossl_cmp_build_cert_chain(STACK_OF(X509) *certs, X509 *cert)
  int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
                                      const ASN1_OCTET_STRING *src)
  {
+    ASN1_OCTET_STRING *new;
      if (tgt == NULL) {
          CMPerr(0, CMP_R_NULL_ARGUMENT);
          return 0;
      }
      if (*tgt == src) /* self-assignment */
          return 1;
-    ASN1_OCTET_STRING_free(*tgt);
  
      if (src != NULL) {
-        if ((*tgt = ASN1_OCTET_STRING_dup(src)) == NULL)
+        if ((new = ASN1_OCTET_STRING_dup(src)) == NULL)
              return 0;
      } else {
-        *tgt = NULL;
+        new = NULL;
      }
  
+    ASN1_OCTET_STRING_free(*tgt);
+    *tgt = new;
      return 1;
  }
author	raja-ashok <rashok.svks@gmail.com>
	Tue, 3 Dec 2019 09:31:49 +0000 (19:31 +1000)
committer	Pauli <paul.dale@oracle.com>
	Tue, 3 Dec 2019 09:31:49 +0000 (19:31 +1000)
crypto/cmp/cmp_ctx.c		patch \| blob \| history
crypto/cmp/cmp_util.c		patch \| blob \| history