mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

CMS_get1_{certs,crls}(): make sure they return NULL only on error

Browse Source 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18916)
This commit is contained in:
Dr. David von Oheimb 2023-10-04 21:28:04 +02:00 committed by Tomas Mraz
parent 22e08c7cdc
commit cc31db1eb6
2 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
crypto/cms/cms_lib.c
View File

@ -622,12 +622,18 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
STACK_OF(X509) *certs = NULL;
CMS_CertificateChoices *cch;
STACK_OF(CMS_CertificateChoices) **pcerts;
int i;
int i, n;
pcerts = cms_get0_certificate_choices(cms);
if (pcerts == NULL)
return NULL;
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
/* make sure to return NULL only on error */
n = sk_CMS_CertificateChoices_num(*pcerts);
if ((certs = sk_X509_new_reserve(NULL, n)) == NULL)
return NULL;
for (i = 0; i < n; i++) {
cch = sk_CMS_CertificateChoices_value(*pcerts, i);
if (cch->type == 0) {
if (!ossl_x509_add_cert_new(&certs, cch->d.certificate,
@ -638,7 +644,6 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
}
}
return certs;
}
STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
@ -646,12 +651,18 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
STACK_OF(X509_CRL) *crls = NULL;
STACK_OF(CMS_RevocationInfoChoice) **pcrls;
CMS_RevocationInfoChoice *rch;
int i;
int i, n;
pcrls = cms_get0_revocation_choices(cms);
if (pcrls == NULL)
return NULL;
for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
/* make sure to return NULL only on error */
n = sk_CMS_RevocationInfoChoice_num(*pcrls);
if ((crls = sk_X509_CRL_new_reserve(NULL, n)) == NULL)
return NULL;
for (i = 0; i < n; i++) {
rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
if (rch->type == 0) {
if (crls == NULL) {

5
doc/man3/CMS_add0_cert.pod
View File

@ -57,8 +57,9 @@ For enveloped data they are added to B<OriginatorInfo>.
CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return
1 for success and 0 for failure.
CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs
or NULL if there are none or an error occurs. The only error which will occur
CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs,
which is empty if there are none. They return NULL on error.
Besides out-of-memory, the only error which will occur
in practice is if the I<cms> type is invalid.
=head1 SEE ALSO