Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()

fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
author: miod <miod@openbsd.org> 2015-07-19 05:42:55 +0000
committer: miod <miod@openbsd.org> 2015-07-19 05:42:55 +0000
commit: fe95e823e588160f49e671932e17762bfce829c5 (patch)
tree: 1f501753a17bdc810efebe88e6a3d1325fa15b5a /lib/libcrypto/x509/x509_vfy.c
parent: simplify a triple-deep ternary operation. (diff)
download: wireguard-openbsd-fe95e823e588160f49e671932e17762bfce829c5.tar.xz
wireguard-openbsd-fe95e823e588160f49e671932e17762bfce829c5.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index bc5905784d2..f2dc356dc8d 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.43 2015/07/19 01:44:16 doug Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.44 2015/07/19 05:42:55 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1091,8 +1091,10 @@ check_crl_path(X509_STORE_CTX *ctx, X509 *x)
 	/* Don't allow recursive CRL path validation */
 	if (ctx->parent)
 		return 0;
-	if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
-		return -1;
+	if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) {
+		ret = -1;
+		goto err;
+	}
 
 	crl_ctx.crls = ctx->crls;
 	/* Copy verify params across */
author	miod <miod@openbsd.org>	2015-07-19 05:42:55 +0000
committer	miod <miod@openbsd.org>	2015-07-19 05:42:55 +0000
commit	fe95e823e588160f49e671932e17762bfce829c5 (patch)
tree	1f501753a17bdc810efebe88e6a3d1325fa15b5a /lib/libcrypto/x509/x509_vfy.c
parent	simplify a triple-deep ternary operation. (diff)
download	wireguard-openbsd-fe95e823e588160f49e671932e17762bfce829c5.tar.xz wireguard-openbsd-fe95e823e588160f49e671932e17762bfce829c5.zip