author | 2016-11-05 13:27:53 +0000 | |
---|---|---|
committer | 2016-11-05 13:27:53 +0000 | |
commit | c602b0f2ecd412fb98088de0be0232ef869b2613 (patch) | |
tree | 71e8acd6e89b47b834388ef1ea2d111659fe8d1a | |
parent | Do not leak the ressources possibly allocated by EVP_MD_CTX_init() in the (diff) | |
X509_STORE_CTX_set_*() may fail, so check for errors.
ok beck@
-rw-r--r-- | lib/libcrypto/ocsp/ocsp_vfy.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c
index f28571b92fe..80dd54e9584 100644
--- a/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.13 2016/07/05 00:21:47 beck Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.14 2016/11/05 13:27:53 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -130,7 +130,12 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
 goto end;
 }
- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+ if (X509_STORE_CTX_set_purpose(&ctx,
+ X509_PURPOSE_OCSP_HELPER) == 0) {
+ X509_STORE_CTX_cleanup(&ctx);
+ ret = -1;
+ goto end;
+ }
 ret = X509_verify_cert(&ctx);
 chain = X509_STORE_CTX_get1_chain(&ctx);
 X509_STORE_CTX_cleanup(&ctx);
@@ -423,8 +428,13 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
 return 0;
 }
- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
- X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
+ if (X509_STORE_CTX_set_purpose(&ctx,
+ X509_PURPOSE_OCSP_HELPER) == 0 ||
+ X509_STORE_CTX_set_trust(&ctx,
+ X509_TRUST_OCSP_REQUEST) == 0) {
+ X509_STORE_CTX_cleanup(&ctx);
+ return 0;
+ }
 ret = X509_verify_cert(&ctx);
 X509_STORE_CTX_cleanup(&ctx);
 if (ret <= 0) {
|
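Review bot: The new failure branch in OCSP_basic_verify sets `ret = -1` and jumps to `end` without recording an OCSP-level error, so a caller reading the error queue cannot tell this exit from other -1 returns unless X509_STORE_CTX_set_purpose() queued something itself. Consider adding `OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);` before the `goto end;`, if that matches how the failure path just above the hunk is reported; that code is outside the hunk, so confirm. The same applies to the new `return 0;` branch in OCSP_request_verify in the next hunk. Both function bodies start and end outside the visible hunks.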
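Review bot: The combined check in OCSP_request_verify has no comment saying why a setter failure is fatal, although the removed lines ignored the return values and went straight on to X509_verify_cert(). A one-line comment above the `if`, such as `/* Fail closed: never verify without the OCSP purpose and trust settings applied. */`, would tell later editors that the early return is a security decision and should not be relaxed back to a best-effort call. The same comment fits the single-setter check in OCSP_basic_verify in the previous hunk.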