From 2ace745022f5af0709297e96eb0b0829c87c4291 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 30 Apr 2015 11:30:03 -0400 Subject: [PATCH] free NULL cleanup 8 Do not check for NULL before calling a free routine. This addresses: ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free ASN1_UTCTIME_free M_ASN1_free_of Reviewed-by: Richard Levitte --- apps/apps.c | 6 ++---- apps/asn1pars.c | 3 +-- apps/ca.c | 16 +++++++--------- crypto/asn1/a_object.c | 2 +- crypto/asn1/asn1_gen.c | 3 +-- crypto/asn1/tasn_prn.c | 3 ++- crypto/asn1/tasn_scn.c | 3 ++- crypto/asn1/x_algor.c | 6 ++---- crypto/asn1/x_x509a.c | 4 ++-- crypto/cms/cms_env.c | 6 ++---- crypto/cms/cms_ess.c | 3 +-- crypto/cms/cms_lib.c | 15 +++++---------- crypto/cms/cms_sd.c | 6 ++---- crypto/dh/dh_ameth.c | 9 +++------ crypto/dsa/dsa_ameth.c | 9 +++------ crypto/ec/ec_asn1.c | 9 +++------ crypto/ocsp/ocsp_ext.c | 6 ++---- crypto/pkcs12/p12_decr.c | 3 +-- crypto/ts/ts_rsp_sign.c | 3 +-- crypto/x509/x509_vpm.c | 16 ++++++---------- crypto/x509/x_attrib.c | 3 +-- crypto/x509v3/pcy_cache.c | 3 +-- crypto/x509v3/v3_pci.c | 18 ++++++------------ crypto/x509v3/v3_utl.c | 3 +-- 24 files changed, 58 insertions(+), 100 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index ff832bd0be..5eadc72cfd 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1414,8 +1414,7 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) } err: BIO_free(in); - if (ai != NULL) - ASN1_INTEGER_free(ai); + ASN1_INTEGER_free(ai); return (ret); } @@ -1468,8 +1467,7 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial, } err: BIO_free_all(out); - if (ai != NULL) - ASN1_INTEGER_free(ai); + ASN1_INTEGER_free(ai); return (ret); } diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 6214625c54..7e1dfb7327 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -327,8 +327,7 @@ int asn1parse_main(int argc, char **argv) OPENSSL_free(header); if (strictpem && str != NULL) OPENSSL_free(str); - if (at != NULL) - ASN1_TYPE_free(at); + ASN1_TYPE_free(at); if (osk != NULL) sk_OPENSSL_STRING_free(osk); OBJ_cleanup(); diff --git a/apps/ca.c b/apps/ca.c index 9c96417258..553560304a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2033,8 +2033,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, X509_NAME_free(subject); if ((dn_subject != NULL) && !email_dn) X509_NAME_free(dn_subject); - if (tmptm != NULL) - ASN1_UTCTIME_free(tmptm); + ASN1_UTCTIME_free(tmptm); if (ok <= 0) { if (ret != NULL) X509_free(ret); @@ -2740,6 +2739,8 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, } if (phold) *phold = hold; + else + ASN1_OBJECT_free(hold); } else if ((reason_code == 9) || (reason_code == 10)) { if (!arg_str) { BIO_printf(bio_err, "missing compromised time\n"); @@ -2763,10 +2764,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (preason) *preason = reason_code; - if (pinvtm) + if (pinvtm) { *pinvtm = comp_time; - else - ASN1_GENERALIZEDTIME_free(comp_time); + comp_time = NULL; + } ret = 1; @@ -2774,10 +2775,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (tmp) OPENSSL_free(tmp); - if (!phold) - ASN1_OBJECT_free(hold); - if (!pinvtm) - ASN1_GENERALIZEDTIME_free(comp_time); + ASN1_GENERALIZEDTIME_free(comp_time); return ret; } diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 166eb65a48..2b5a4940fe 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -339,7 +339,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, return (ret); err: ASN1err(ASN1_F_C2I_ASN1_OBJECT, i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) + if ((a == NULL) || (*a != ret)) ASN1_OBJECT_free(ret); return (NULL); } diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index cee37495e2..3e066bc3e8 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -513,8 +513,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, if (der) OPENSSL_free(der); - if (sk) - sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); + sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); if (sect) X509V3_section_free(cnf, sect); diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 76d584b2ba..10974eb7f4 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -100,7 +100,8 @@ ASN1_PCTX *ASN1_PCTX_new(void) void ASN1_PCTX_free(ASN1_PCTX *p) { - OPENSSL_free(p); + if (p) + OPENSSL_free(p); } unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p) diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c index cedea9cb78..830540550e 100644 --- a/crypto/asn1/tasn_scn.c +++ b/crypto/asn1/tasn_scn.c @@ -86,7 +86,8 @@ ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)) void ASN1_SCTX_free(ASN1_SCTX *p) { - OPENSSL_free(p); + if (p) + OPENSSL_free(p); } const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p) diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index 30d648159f..ca2749179f 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -92,10 +92,8 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) if (ptype == 0) return 1; if (ptype == V_ASN1_UNDEF) { - if (alg->parameter) { - ASN1_TYPE_free(alg->parameter); - alg->parameter = NULL; - } + ASN1_TYPE_free(alg->parameter); + alg->parameter = NULL; } else ASN1_TYPE_set(alg->parameter, ptype, pval); return 1; diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c index 8be50b55e2..775e46f516 100644 --- a/crypto/asn1/x_x509a.c +++ b/crypto/asn1/x_x509a.c @@ -178,7 +178,7 @@ int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) void X509_trust_clear(X509 *x) { - if (x->aux && x->aux->trust) { + if (x->aux) { sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); x->aux->trust = NULL; } @@ -186,7 +186,7 @@ void X509_trust_clear(X509 *x) void X509_reject_clear(X509 *x) { - if (x->aux && x->aux->reject) { + if (x->aux) { sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); x->aux->reject = NULL; } diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 3b4b930136..98c1fe0120 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -277,8 +277,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, merr: CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); err: - if (ri) - M_ASN1_free_of(ri, CMS_RecipientInfo); + M_ASN1_free_of(ri, CMS_RecipientInfo); EVP_PKEY_free(pk); return NULL; @@ -616,8 +615,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, merr: CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); err: - if (ri) - M_ASN1_free_of(ri, CMS_RecipientInfo); + M_ASN1_free_of(ri, CMS_RecipientInfo); return NULL; } diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 8212560628..6d5fa90a06 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -340,8 +340,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) err: if (rr) CMS_ReceiptRequest_free(rr); - if (rct) - M_ASN1_free_of(rct, CMS_Receipt); + M_ASN1_free_of(rct, CMS_Receipt); return r; diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 6d2a0e8275..8525ff8cf6 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -314,10 +314,8 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached) if (!pos) return 0; if (detached) { - if (*pos) { - ASN1_OCTET_STRING_free(*pos); - *pos = NULL; - } + ASN1_OCTET_STRING_free(*pos); + *pos = NULL; return 1; } if (!*pos) @@ -605,13 +603,11 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) goto err; if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert))) goto err; - if (*pias) - M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); + M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); *pias = ias; return 1; err: - if (ias) - M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); + M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE); return 0; } @@ -629,8 +625,7 @@ int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE); return 0; } - if (*pkeyid) - ASN1_OCTET_STRING_free(*pkeyid); + ASN1_OCTET_STRING_free(*pkeyid); *pkeyid = keyid; return 1; } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 71c234cb39..c0a9780acf 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -404,8 +404,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, merr: CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); err: - if (si) - M_ASN1_free_of(si, CMS_SignerInfo); + M_ASN1_free_of(si, CMS_SignerInfo); return NULL; } @@ -904,8 +903,7 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, } alg = X509_ALGOR_new(); if (!alg) { - if (key) - ASN1_INTEGER_free(key); + ASN1_INTEGER_free(key); return 0; } diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 4b22ec47b9..8cd90b6b78 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -140,8 +140,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) return 1; err: - if (public_key) - ASN1_INTEGER_free(public_key); + ASN1_INTEGER_free(public_key); DH_free(dh); return 0; @@ -296,8 +295,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (dp != NULL) OPENSSL_free(dp); ASN1_STRING_free(params); - if (prkey != NULL) - ASN1_STRING_clear_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } @@ -706,8 +704,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) rv = 1; err: - if (public_key) - ASN1_INTEGER_free(public_key); + ASN1_INTEGER_free(public_key); EVP_PKEY_free(pkpeer); DH_free(dhpeer); return rv; diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index c155e5b519..76fc2ce8c6 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -118,8 +118,7 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) return 1; err: - if (public_key) - ASN1_INTEGER_free(public_key); + ASN1_INTEGER_free(public_key); DSA_free(dsa); return 0; @@ -279,8 +278,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); dsaerr: BN_CTX_free(ctx); - if (privkey) - ASN1_STRING_clear_free(privkey); + ASN1_STRING_clear_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; @@ -334,8 +332,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (dp != NULL) OPENSSL_free(dp); ASN1_STRING_free(params); - if (prkey != NULL) - ASN1_STRING_clear_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 97c590691d..36dcb969c4 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -318,8 +318,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) /* clear the old values (if necessary) */ ASN1_OBJECT_free(field->fieldType); - if (field->p.other != NULL) - ASN1_TYPE_free(field->p.other); + ASN1_TYPE_free(field->p.other); nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); /* set OID for the field */ @@ -519,10 +518,8 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) goto err; } } else { - if (curve->seed) { - ASN1_BIT_STRING_free(curve->seed); - curve->seed = NULL; - } + ASN1_BIT_STRING_free(curve->seed); + curve->seed = NULL; } ok = 1; diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index b564259134..520b55afc7 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -460,8 +460,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); err: - if (sk) - sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); + sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); return x; } @@ -477,8 +476,7 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) goto err; x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); err: - if (gt) - ASN1_GENERALIZEDTIME_free(gt); + ASN1_GENERALIZEDTIME_free(gt); return x; } diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 7a9d3cac76..19efd967d8 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -194,7 +194,6 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, OPENSSL_free(in); return oct; err: - if (oct) - ASN1_OCTET_STRING_free(oct); + ASN1_OCTET_STRING_free(oct); return NULL; } diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index a8d683bafc..0cdeb068c6 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -225,8 +225,7 @@ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key) int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) { - if (ctx->default_policy) - ASN1_OBJECT_free(ctx->default_policy); + ASN1_OBJECT_free(ctx->default_policy); if (!(ctx->default_policy = OBJ_dup(def_policy))) goto err; return 1; diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 2c30ff4026..009255e365 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -144,15 +144,11 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) param->inh_flags = 0; param->flags = 0; param->depth = -1; - if (param->policies) { - sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); - param->policies = NULL; - } + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + param->policies = NULL; paramid = param->id; - if (paramid->hosts) { - string_stack_free(paramid->hosts); - paramid->hosts = NULL; - } + string_stack_free(paramid->hosts); + paramid->hosts = NULL; if (paramid->peername) OPENSSL_free(paramid->peername); if (paramid->email) { @@ -426,10 +422,10 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, { int i; ASN1_OBJECT *oid, *doid; + if (!param) return 0; - if (param->policies) - sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); if (!policies) { param->policies = NULL; diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c index a07a5da139..9ff6dcc687 100644 --- a/crypto/x509/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -100,7 +100,6 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) err: if (ret != NULL) X509_ATTRIBUTE_free(ret); - if (val != NULL) - ASN1_TYPE_free(val); + ASN1_TYPE_free(val); return (NULL); } diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index c8f41f24bc..eff4291aab 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -209,8 +209,7 @@ static int policy_cache_new(X509 *x) if (ext_pcons) POLICY_CONSTRAINTS_free(ext_pcons); - if (ext_any) - ASN1_INTEGER_free(ext_any); + ASN1_INTEGER_free(ext_any); return 1; diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index 4139b34cbc..2568ea8bc9 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -306,18 +306,12 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, goto end; err: ASN1_OBJECT_free(language); - if (pathlen) { - ASN1_INTEGER_free(pathlen); - pathlen = NULL; - } - if (policy) { - ASN1_OCTET_STRING_free(policy); - policy = NULL; - } - if (pci) { - PROXY_CERT_INFO_EXTENSION_free(pci); - pci = NULL; - } + ASN1_INTEGER_free(pathlen); + pathlen = NULL; + ASN1_OCTET_STRING_free(policy); + policy = NULL; + PROXY_CERT_INFO_EXTENSION_free(pci); + pci = NULL; end: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pci; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index aa3a4dea90..5de60ce848 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -1110,8 +1110,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) err: if (iptmp) OPENSSL_free(iptmp); - if (ret) - ASN1_OCTET_STRING_free(ret); + ASN1_OCTET_STRING_free(ret); return NULL; } -- 2.25.1