summaryrefslogtreecommitdiffstats
path: root/apps/ca.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2018-02-12 18:43:38 +0100
committerMatt Caswell <matt@openssl.org>2018-02-15 16:24:46 +0100
commitbc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571 (patch)
treef263250af32e2527cf939321eb861484634fe646 /apps/ca.c
parentIf s->ctx is NULL then this is an internal error (diff)
downloadopenssl-bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571.tar.xz
openssl-bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571.zip
The function X509_gmtime_adj() can fail
Check for a failure and free a_tm as appropriate. Found by Coverity Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5339)
Diffstat (limited to 'apps/ca.c')
-rw-r--r--apps/ca.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 0c1605084a..a416f368a8 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1095,13 +1095,13 @@ end_of_options:
goto end;
tmptm = ASN1_TIME_new();
- if (tmptm == NULL)
- goto end;
- X509_gmtime_adj(tmptm, 0);
- X509_CRL_set1_lastUpdate(crl, tmptm);
- if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
- NULL)) {
+ if (tmptm == NULL
+ || X509_gmtime_adj(tmptm, 0) == NULL
+ || !X509_CRL_set1_lastUpdate(crl, tmptm)
+ || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+ NULL) == NULL) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+ ASN1_TIME_free(tmptm);
goto end;
}
X509_CRL_set1_nextUpdate(crl, tmptm);
@@ -2209,7 +2209,10 @@ static int do_updatedb(CA_DB *db)
return -1;
/* get actual time and make a string */
- a_tm = X509_gmtime_adj(a_tm, 0);
+ if (X509_gmtime_adj(a_tm, 0) == NULL) {
+ ASN1_UTCTIME_free(a_tm);
+ return -1;
+ }
a_tm_s = app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length);