diff options
| author | FdaSilvaYY <fdasilvayy@gmail.com> | 2016-02-14 10:42:29 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-05-23 13:43:31 +0100 |
| commit | e5a5e3f3db5832f7ba4eff8016bad00f37dada58 (patch) | |
| tree | 455a6c449e51f7702f5a06fa8cfd817bbed018eb /test/danetest.c | |
| parent | a98810bfac37a77750592611bb9f5a22e4634692 (diff) | |
| download | openssl-e5a5e3f3db5832f7ba4eff8016bad00f37dada58.zip openssl-e5a5e3f3db5832f7ba4eff8016bad00f37dada58.tar.gz openssl-e5a5e3f3db5832f7ba4eff8016bad00f37dada58.tar.bz2 | |
Add checks on CRYPTO_set_ex_data return value
Fix possible leak in danetest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'test/danetest.c')
| -rw-r--r-- | test/danetest.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/test/danetest.c b/test/danetest.c index d914c45..d473b12 100644 --- a/test/danetest.c +++ b/test/danetest.c @@ -74,7 +74,7 @@ static void print_errors(void) static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) { - int ret; + int ret = -1; X509_STORE_CTX *store_ctx; SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl); X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); @@ -85,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) return -1; if (!X509_STORE_CTX_init(store_ctx, store, cert, chain)) - return 0; - X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl); + goto end; + if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl)) + goto end; X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); @@ -101,6 +102,7 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx)); X509_STORE_CTX_cleanup(store_ctx); +end: X509_STORE_CTX_free(store_ctx); return (ret); |