From: raja-ashok Date: Tue, 3 Dec 2019 09:31:49 +0000 (+1000) Subject: Set argument only after successful dup on CMP APIs X-Git-Tag: openssl-3.0.0-alpha1~869 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=59ae04d74a57cf791af510a717b5822950a0f875;p=oweals%2Fopenssl.git Set argument only after successful dup on CMP APIs Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/10511) --- diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 4a70b33ee7..89ecab1413 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -68,14 +68,21 @@ STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx) */ int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) { + STACK_OF(X509) *untrusted_certs; if (ctx == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return 0; } - sk_X509_pop_free(ctx->untrusted_certs, X509_free); - if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL) + if ((untrusted_certs = sk_X509_new_null()) == NULL) return 0; - return ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, certs, 0, 1, 0); + if (ossl_cmp_sk_X509_add1_certs(untrusted_certs, certs, 0, 1, 0) != 1) + goto err; + sk_X509_pop_free(ctx->untrusted_certs, X509_free); + ctx->untrusted_certs = untrusted_certs; + return 1; +err: + sk_X509_pop_free(untrusted_certs, X509_free); + return 0; } /* @@ -373,13 +380,19 @@ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, const int len) { + ASN1_OCTET_STRING *secretValue = NULL; if (ctx == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return 0; } - if (ctx->secretValue != NULL) + if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1) + return 0; + if (ctx->secretValue != NULL) { OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length); - return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->secretValue, sec, len); + ASN1_OCTET_STRING_free(ctx->secretValue); + } + ctx->secretValue = secretValue; + return 1; } /* diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index 9490496cbe..0390c23e66 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -408,21 +408,23 @@ STACK_OF(X509) *ossl_cmp_build_cert_chain(STACK_OF(X509) *certs, X509 *cert) int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, const ASN1_OCTET_STRING *src) { + ASN1_OCTET_STRING *new; if (tgt == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return 0; } if (*tgt == src) /* self-assignment */ return 1; - ASN1_OCTET_STRING_free(*tgt); if (src != NULL) { - if ((*tgt = ASN1_OCTET_STRING_dup(src)) == NULL) + if ((new = ASN1_OCTET_STRING_dup(src)) == NULL) return 0; } else { - *tgt = NULL; + new = NULL; } + ASN1_OCTET_STRING_free(*tgt); + *tgt = new; return 1; }