diff options
author | Matt Caswell <matt@openssl.org> | 2018-02-12 18:43:38 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-15 16:24:46 +0100 |
commit | bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571 (patch) | |
tree | f263250af32e2527cf939321eb861484634fe646 /apps/ca.c | |
parent | If s->ctx is NULL then this is an internal error (diff) | |
download | openssl-bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571.tar.xz openssl-bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571.zip |
The function X509_gmtime_adj() can fail
Check for a failure and free a_tm as appropriate.
Found by Coverity
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5339)
Diffstat (limited to 'apps/ca.c')
-rw-r--r-- | apps/ca.c | 17 |
1 files changed, 10 insertions, 7 deletions
@@ -1095,13 +1095,13 @@ end_of_options: goto end; tmptm = ASN1_TIME_new(); - if (tmptm == NULL) - goto end; - X509_gmtime_adj(tmptm, 0); - X509_CRL_set1_lastUpdate(crl, tmptm); - if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, - NULL)) { + if (tmptm == NULL + || X509_gmtime_adj(tmptm, 0) == NULL + || !X509_CRL_set1_lastUpdate(crl, tmptm) + || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, + NULL) == NULL) { BIO_puts(bio_err, "error setting CRL nextUpdate\n"); + ASN1_TIME_free(tmptm); goto end; } X509_CRL_set1_nextUpdate(crl, tmptm); @@ -2209,7 +2209,10 @@ static int do_updatedb(CA_DB *db) return -1; /* get actual time and make a string */ - a_tm = X509_gmtime_adj(a_tm, 0); + if (X509_gmtime_adj(a_tm, 0) == NULL) { + ASN1_UTCTIME_free(a_tm); + return -1; + } a_tm_s = app_malloc(a_tm->length + 1, "time string"); memcpy(a_tm_s, a_tm->data, a_tm->length); |