The branch master has been updated via 0d502c3511ab3b1c8acb129fb3af836727b8092d (commit) via bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571 (commit) from c471521243c729d344c2ab641feed7cfb7b8a36d (commit)
- Log ----------------------------------------------------------------- commit 0d502c3511ab3b1c8acb129fb3af836727b8092d Author: Matt Caswell <m...@openssl.org> Date: Mon Feb 12 17:47:50 2018 +0000 Check the return code from ASN1_TIME_diff() The function can fail so we should check the return code. Found by Coverity Reviewed-by: Bernd Edlinger <bernd.edlin...@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5339) commit bc2a0dd283c0f61df572b8c2aaf3bfc2dd4b7571 Author: Matt Caswell <m...@openssl.org> Date: Mon Feb 12 17:43:38 2018 +0000 The function X509_gmtime_adj() can fail Check for a failure and free a_tm as appropriate. Found by Coverity Reviewed-by: Bernd Edlinger <bernd.edlin...@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5339) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 0c16050..26c0778 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1095,13 +1095,13 @@ end_of_options: goto end; tmptm = ASN1_TIME_new(); - if (tmptm == NULL) - goto end; - X509_gmtime_adj(tmptm, 0); - X509_CRL_set1_lastUpdate(crl, tmptm); - if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, - NULL)) { + if (tmptm == NULL + || X509_gmtime_adj(tmptm, 0) == NULL + || !X509_CRL_set1_lastUpdate(crl, tmptm) + || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, + NULL) == NULL) { BIO_puts(bio_err, "error setting CRL nextUpdate\n"); + ASN1_TIME_free(tmptm); goto end; } X509_CRL_set1_nextUpdate(crl, tmptm); @@ -1706,7 +1706,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (enddate != NULL) { int tdays; - ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)); + + if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret))) + goto end; days = tdays; } @@ -2209,7 +2211,10 @@ static int do_updatedb(CA_DB *db) return -1; /* get actual time and make a string */ - a_tm = X509_gmtime_adj(a_tm, 0); + if (X509_gmtime_adj(a_tm, 0) == NULL) { + ASN1_UTCTIME_free(a_tm); + return -1; + } a_tm_s = app_malloc(a_tm->length + 1, "time string"); memcpy(a_tm_s, a_tm->data, a_tm->length); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits