Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1753411233, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"2f73a2c5fd44952fd89a0c990a9f18f7", "commit": {"type":"commit", "time": 1524553713, "time_ofs": 120, "oid_tree": { "oid": "85e3b2f53438b4b53a8c94081f8283d78d8c2c93", "alias": []}, "oid":{ "oid": "7fcdbd839c629f5419a49bf8da28c968c8140c3d", "alias": []}, "msg": "X509: add more error codes on malloc or sk_TYP_push failure", "sig_commit": { "git_time": { "time": 1524553713, "offset": 120 }, "name": "Dr. Matthias St. Pierre", "email": "Matthias.St.Pierre@ncp-e.com", "md5": "7d700d548b38974b2492f8ff219793b3" }, "sig_author": { "git_time": { "time": 1522269151, "offset": 120 }, "name": "FdaSilvaYY", "email": "fdasilvayy@gmail.com", "md5": "aa048db1fe1abb73416dee77b8d18f7f" }}, "body": "X509: add more error codes on malloc or sk_TYP_push failure\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\nReviewed-by: Matthias St. Pierre \u003cMatthias.St.Pierre@ncp-e.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/5837)\n" , "diff": "diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt\nindex be03aeb..d62968e 100644\n--- a/crypto/err/openssl.txt\n+++ b/crypto/err/openssl.txt\n@@ -1587,8 +1587,12 @@ X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED\n X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING\n X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER\n X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS\n+X509V3_F_LEVEL_ADD_NODE:168:level_add_node\n X509V3_F_NOTICE_SECTION:132:notice_section\n X509V3_F_NREF_NOS:133:nref_nos\n+X509V3_F_POLICY_CACHE_CREATE:169:policy_cache_create\n+X509V3_F_POLICY_CACHE_NEW:170:policy_cache_new\n+X509V3_F_POLICY_DATA_NEW:171:policy_data_new\n X509V3_F_POLICY_SECTION:131:policy_section\n X509V3_F_PROCESS_PCI_VALUE:150:process_pci_value\n X509V3_F_R2I_CERTPOL:130:r2i_certpol\n@@ -1641,8 +1645,11 @@ X509_F_CHECK_POLICY:145:check_policy\n X509_F_DANE_I2D:107:dane_i2d\n X509_F_DIR_CTRL:102:dir_ctrl\n X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject\n+X509_F_I2D_X509_AUX:151:i2d_X509_AUX\n+X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk\n X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode\n X509_F_NETSCAPE_SPKI_B64_ENCODE:130:NETSCAPE_SPKI_b64_encode\n+X509_F_NEW_DIR:153:new_dir\n X509_F_X509AT_ADD1_ATTR:135:X509at_add1_attr\n X509_F_X509V3_ADD_EXT:104:X509v3_add_ext\n X509_F_X509_ATTRIBUTE_CREATE_BY_NID:136:X509_ATTRIBUTE_create_by_NID\n@@ -1652,6 +1659,7 @@ X509_F_X509_ATTRIBUTE_GET0_DATA:139:X509_ATTRIBUTE_get0_data\n X509_F_X509_ATTRIBUTE_SET1_DATA:138:X509_ATTRIBUTE_set1_data\n X509_F_X509_CHECK_PRIVATE_KEY:128:X509_check_private_key\n X509_F_X509_CRL_DIFF:105:X509_CRL_diff\n+X509_F_X509_CRL_METHOD_NEW:154:X509_CRL_METHOD_new\n X509_F_X509_CRL_PRINT_FP:147:X509_CRL_print_fp\n X509_F_X509_EXTENSION_CREATE_BY_NID:108:X509_EXTENSION_create_by_NID\n X509_F_X509_EXTENSION_CREATE_BY_OBJ:109:X509_EXTENSION_create_by_OBJ\n@@ -1659,7 +1667,9 @@ X509_F_X509_GET_PUBKEY_PARAMETERS:110:X509_get_pubkey_parameters\n X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file\n X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file\n X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file\n+X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new\n X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry\n+X509_F_X509_NAME_CANON:156:x509_name_canon\n X509_F_X509_NAME_ENTRY_CREATE_BY_NID:114:X509_NAME_ENTRY_create_by_NID\n X509_F_X509_NAME_ENTRY_CREATE_BY_TXT:131:X509_NAME_ENTRY_create_by_txt\n X509_F_X509_NAME_ENTRY_SET_OBJECT:115:X509_NAME_ENTRY_set_object\n@@ -1676,10 +1686,12 @@ X509_F_X509_REQ_PRINT_FP:122:X509_REQ_print_fp\n X509_F_X509_REQ_TO_X509:123:X509_REQ_to_X509\n X509_F_X509_STORE_ADD_CERT:124:X509_STORE_add_cert\n X509_F_X509_STORE_ADD_CRL:125:X509_STORE_add_crl\n+X509_F_X509_STORE_ADD_LOOKUP:157:X509_STORE_add_lookup\n X509_F_X509_STORE_CTX_GET1_ISSUER:146:X509_STORE_CTX_get1_issuer\n X509_F_X509_STORE_CTX_INIT:143:X509_STORE_CTX_init\n X509_F_X509_STORE_CTX_NEW:142:X509_STORE_CTX_new\n X509_F_X509_STORE_CTX_PURPOSE_INHERIT:134:X509_STORE_CTX_purpose_inherit\n+X509_F_X509_STORE_NEW:158:X509_STORE_new\n X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ\n X509_F_X509_TRUST_ADD:133:X509_TRUST_add\n X509_F_X509_TRUST_SET:141:X509_TRUST_set\ndiff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c\nindex f64cf38..f213eec 100644\n--- a/crypto/x509/by_dir.c\n+++ b/crypto/x509/by_dir.c\n@@ -48,7 +48,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,\n X509_NAME *name, X509_OBJECT *ret);\n static X509_LOOKUP_METHOD x509_dir_lookup \u003d {\n \u0022Load certs from files in a directory\u0022,\n- new_dir, /* new */\n+ new_dir, /* new_item */\n free_dir, /* free */\n NULL, /* init */\n NULL, /* shutdown */\n@@ -68,15 +68,13 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,\n char **retp)\n {\n int ret \u003d 0;\n- BY_DIR *ld;\n- char *dir \u003d NULL;\n-\n- ld \u003d (BY_DIR *)ctx-\u003emethod_data;\n+ BY_DIR *ld \u003d (BY_DIR *)ctx-\u003emethod_data;\n \n switch (cmd) {\n case X509_L_ADD_DIR:\n if (argl \u003d\u003d X509_FILETYPE_DEFAULT) {\n- dir \u003d (char *)getenv(X509_get_default_cert_dir_env());\n+ const char *dir \u003d getenv(X509_get_default_cert_dir_env());\n+\n if (dir)\n ret \u003d add_cert_dir(ld, dir, X509_FILETYPE_PEM);\n else\n@@ -94,23 +92,30 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,\n \n static int new_dir(X509_LOOKUP *lu)\n {\n- BY_DIR *a;\n+ BY_DIR *a \u003d OPENSSL_malloc(sizeof(*a));\n \n- if ((a \u003d OPENSSL_malloc(sizeof(*a))) \u003d\u003d NULL)\n+ if (a \u003d\u003d NULL) {\n+ X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);\n return 0;\n+ }\n+\n if ((a-\u003ebuffer \u003d BUF_MEM_new()) \u003d\u003d NULL) {\n- OPENSSL_free(a);\n- return 0;\n+ X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);\n+ goto err;\n }\n a-\u003edirs \u003d NULL;\n a-\u003elock \u003d CRYPTO_THREAD_lock_new();\n if (a-\u003elock \u003d\u003d NULL) {\n BUF_MEM_free(a-\u003ebuffer);\n- OPENSSL_free(a);\n- return 0;\n+ X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);\n+ goto err;\n }\n lu-\u003emethod_data \u003d (char *)a;\n return 1;\n+\n+ err:\n+ OPENSSL_free(a);\n+ return 0;\n }\n \n static void by_dir_hash_free(BY_DIR_HASH *hash)\n@@ -137,9 +142,8 @@ static void by_dir_entry_free(BY_DIR_ENTRY *ent)\n \n static void free_dir(X509_LOOKUP *lu)\n {\n- BY_DIR *a;\n+ BY_DIR *a \u003d (BY_DIR *)lu-\u003emethod_data;\n \n- a \u003d (BY_DIR *)lu-\u003emethod_data;\n sk_BY_DIR_ENTRY_pop_free(a-\u003edirs, by_dir_entry_free);\n BUF_MEM_free(a-\u003ebuffer);\n CRYPTO_THREAD_lock_free(a-\u003elock);\n@@ -162,6 +166,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)\n do {\n if ((*p \u003d\u003d LIST_SEPARATOR_CHAR) || (*p \u003d\u003d '\u005c0')) {\n BY_DIR_ENTRY *ent;\n+\n ss \u003d s;\n s \u003d p + 1;\n len \u003d p - ss;\n@@ -182,8 +187,10 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)\n }\n }\n ent \u003d OPENSSL_malloc(sizeof(*ent));\n- if (ent \u003d\u003d NULL)\n+ if (ent \u003d\u003d NULL) {\n+ X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);\n return 0;\n+ }\n ent-\u003edir_type \u003d type;\n ent-\u003ehashes \u003d sk_BY_DIR_HASH_new(by_dir_hash_cmp);\n ent-\u003edir \u003d OPENSSL_strndup(ss, len);\n@@ -193,6 +200,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)\n }\n if (!sk_BY_DIR_ENTRY_push(ctx-\u003edirs, ent)) {\n by_dir_entry_free(ent);\n+ X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);\n return 0;\n }\n }\n@@ -244,6 +252,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,\n BY_DIR_ENTRY *ent;\n int idx;\n BY_DIR_HASH htmp, *hent;\n+\n ent \u003d sk_BY_DIR_ENTRY_value(ctx-\u003edirs, i);\n j \u003d strlen(ent-\u003edir) + 1 + 8 + 6 + 1 + 1;\n if (!BUF_MEM_grow(b, j)) {\n@@ -340,7 +349,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,\n if (idx \u003e\u003d 0)\n hent \u003d sk_BY_DIR_HASH_value(ent-\u003ehashes, idx);\n }\n- if (!hent) {\n+ if (hent \u003d\u003d NULL) {\n hent \u003d OPENSSL_malloc(sizeof(*hent));\n if (hent \u003d\u003d NULL) {\n CRYPTO_THREAD_unlock(ctx-\u003elock);\n@@ -353,6 +362,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,\n if (!sk_BY_DIR_HASH_push(ent-\u003ehashes, hent)) {\n CRYPTO_THREAD_unlock(ctx-\u003elock);\n OPENSSL_free(hent);\n+ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);\n ok \u003d 0;\n goto finish;\n }\ndiff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c\nindex 52955b6..bd39ecb 100644\n--- a/crypto/x509/by_file.c\n+++ b/crypto/x509/by_file.c\n@@ -21,7 +21,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,\n long argl, char **ret);\n static X509_LOOKUP_METHOD x509_file_lookup \u003d {\n \u0022Load file into cache\u0022,\n- NULL, /* new */\n+ NULL, /* new_item */\n NULL, /* free */\n NULL, /* init */\n NULL, /* shutdown */\ndiff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c\nindex 84c726f..7b9f505 100644\n--- a/crypto/x509/x509_err.c\n+++ b/crypto/x509/x509_err.c\n@@ -1,6 +1,6 @@\n /*\n * Generated by util/mkerr.pl DO NOT EDIT\n- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.\n+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.\n *\n * Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n * this file except in compliance with the License. You can obtain a copy\n@@ -24,10 +24,13 @@ static const ERR_STRING_DATA X509_str_functs[] \u003d {\n {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), \u0022dir_ctrl\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0),\n \u0022get_cert_by_subject\u0022},\n+ {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), \u0022i2d_X509_AUX\u0022},\n+ {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), \u0022lookup_certs_sk\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0),\n \u0022NETSCAPE_SPKI_b64_decode\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0),\n \u0022NETSCAPE_SPKI_b64_encode\u0022},\n+ {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), \u0022new_dir\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), \u0022X509at_add1_attr\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), \u0022X509v3_add_ext\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0),\n@@ -43,6 +46,8 @@ static const ERR_STRING_DATA X509_str_functs[] \u003d {\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0),\n \u0022X509_check_private_key\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), \u0022X509_CRL_diff\u0022},\n+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0),\n+ \u0022X509_CRL_METHOD_new\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), \u0022X509_CRL_print_fp\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0),\n \u0022X509_EXTENSION_create_by_NID\u0022},\n@@ -56,8 +61,10 @@ static const ERR_STRING_DATA X509_str_functs[] \u003d {\n \u0022X509_load_cert_file\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0),\n \u0022X509_load_crl_file\u0022},\n+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), \u0022X509_LOOKUP_new\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0),\n \u0022X509_NAME_add_entry\u0022},\n+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), \u0022x509_name_canon\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0),\n \u0022X509_NAME_ENTRY_create_by_NID\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0),\n@@ -81,6 +88,8 @@ static const ERR_STRING_DATA X509_str_functs[] \u003d {\n \u0022X509_STORE_add_cert\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0),\n \u0022X509_STORE_add_crl\u0022},\n+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0),\n+ \u0022X509_STORE_add_lookup\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0),\n \u0022X509_STORE_CTX_get1_issuer\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0),\n@@ -89,6 +98,7 @@ static const ERR_STRING_DATA X509_str_functs[] \u003d {\n \u0022X509_STORE_CTX_new\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0),\n \u0022X509_STORE_CTX_purpose_inherit\u0022},\n+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), \u0022X509_STORE_new\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), \u0022X509_to_X509_REQ\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), \u0022X509_TRUST_add\u0022},\n {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), \u0022X509_TRUST_set\u0022},\ndiff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c\nindex 7407005..fbeed01 100644\n--- a/crypto/x509/x509_lu.c\n+++ b/crypto/x509/x509_lu.c\n@@ -17,14 +17,15 @@\n \n X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)\n {\n- X509_LOOKUP *ret;\n+ X509_LOOKUP *ret \u003d OPENSSL_zalloc(sizeof(*ret));\n \n- ret \u003d OPENSSL_zalloc(sizeof(*ret));\n- if (ret \u003d\u003d NULL)\n+ if (ret \u003d\u003d NULL) {\n+ X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE);\n return NULL;\n+ }\n \n ret-\u003emethod \u003d method;\n- if ((method-\u003enew_item !\u003d NULL) \u0026\u0026 !method-\u003enew_item(ret)) {\n+ if (method-\u003enew_item !\u003d NULL \u0026\u0026 method-\u003enew_item(ret) \u003d\u003d 0) {\n OPENSSL_free(ret);\n return NULL;\n }\n@@ -141,25 +142,36 @@ static int x509_object_cmp(const X509_OBJECT *const *a,\n \n X509_STORE *X509_STORE_new(void)\n {\n- X509_STORE *ret;\n+ X509_STORE *ret \u003d OPENSSL_zalloc(sizeof(*ret));\n \n- if ((ret \u003d OPENSSL_zalloc(sizeof(*ret))) \u003d\u003d NULL)\n+ if (ret \u003d\u003d NULL) {\n+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);\n return NULL;\n- if ((ret-\u003eobjs \u003d sk_X509_OBJECT_new(x509_object_cmp)) \u003d\u003d NULL)\n+ }\n+ if ((ret-\u003eobjs \u003d sk_X509_OBJECT_new(x509_object_cmp)) \u003d\u003d NULL) {\n+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n ret-\u003ecache \u003d 1;\n- if ((ret-\u003eget_cert_methods \u003d sk_X509_LOOKUP_new_null()) \u003d\u003d NULL)\n+ if ((ret-\u003eget_cert_methods \u003d sk_X509_LOOKUP_new_null()) \u003d\u003d NULL) {\n+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n \n- if ((ret-\u003eparam \u003d X509_VERIFY_PARAM_new()) \u003d\u003d NULL)\n+ if ((ret-\u003eparam \u003d X509_VERIFY_PARAM_new()) \u003d\u003d NULL) {\n+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);\n goto err;\n-\n- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, \u0026ret-\u003eex_data))\n+ }\n+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, \u0026ret-\u003eex_data)) {\n+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n \n ret-\u003elock \u003d CRYPTO_THREAD_lock_new();\n- if (ret-\u003elock \u003d\u003d NULL)\n+ if (ret-\u003elock \u003d\u003d NULL) {\n+ X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n \n ret-\u003ereferences \u003d 1;\n return ret;\n@@ -228,17 +240,18 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)\n }\n /* a new one */\n lu \u003d X509_LOOKUP_new(m);\n- if (lu \u003d\u003d NULL)\n+ if (lu \u003d\u003d NULL) {\n+ X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);\n return NULL;\n- else {\n- lu-\u003estore_ctx \u003d v;\n- if (sk_X509_LOOKUP_push(v-\u003eget_cert_methods, lu))\n- return lu;\n- else {\n- X509_LOOKUP_free(lu);\n- return NULL;\n- }\n }\n+\n+ lu-\u003estore_ctx \u003d v;\n+ if (sk_X509_LOOKUP_push(v-\u003eget_cert_methods, lu))\n+ return lu;\n+ /* malloc failed */\n+ X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);\n+ X509_LOOKUP_free(lu);\n+ return NULL;\n }\n \n X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,\ndiff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c\nindex 9ebda1b..fd8ecfa 100644\n--- a/crypto/x509/x509_vfy.c\n+++ b/crypto/x509/x509_vfy.c\n@@ -366,6 +366,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)\n STACK_OF(X509) *sk \u003d NULL;\n X509 *x;\n int i;\n+\n for (i \u003d 0; i \u003c sk_X509_num(ctx-\u003eother_ctx); i++) {\n x \u003d sk_X509_value(ctx-\u003eother_ctx, i);\n if (X509_NAME_cmp(nm, X509_get_subject_name(x)) \u003d\u003d 0) {\n@@ -373,6 +374,8 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)\n sk \u003d sk_X509_new_null();\n if (sk \u003d\u003d NULL || sk_X509_push(sk, x) \u003d\u003d 0) {\n sk_X509_pop_free(sk, X509_free);\n+ X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE);\n+ ctx-\u003eerror \u003d X509_V_ERR_OUT_OF_MEM;\n return NULL;\n }\n X509_up_ref(x);\ndiff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c\nindex dbed850..5098b5f 100644\n--- a/crypto/x509/x_crl.c\n+++ b/crypto/x509/x_crl.c\n@@ -309,6 +309,7 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a,\n int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)\n {\n X509_CRL_INFO *inf;\n+\n inf \u003d \u0026crl-\u003ecrl;\n if (inf-\u003erevoked \u003d\u003d NULL)\n inf-\u003erevoked \u003d sk_X509_REVOKED_new(X509_REVOKED_cmp);\n@@ -429,10 +430,12 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),\n int (*crl_verify) (X509_CRL *crl,\n EVP_PKEY *pk))\n {\n- X509_CRL_METHOD *m;\n- m \u003d OPENSSL_malloc(sizeof(*m));\n- if (m \u003d\u003d NULL)\n+ X509_CRL_METHOD *m \u003d OPENSSL_malloc(sizeof(*m));\n+\n+ if (m \u003d\u003d NULL) {\n+ X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE);\n return NULL;\n+ }\n m-\u003ecrl_init \u003d crl_init;\n m-\u003ecrl_free \u003d crl_free;\n m-\u003ecrl_lookup \u003d crl_lookup;\ndiff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c\nindex d36a9d3..a30b5e1 100644\n--- a/crypto/x509/x_name.c\n+++ b/crypto/x509/x_name.c\n@@ -300,7 +300,7 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,\n static int x509_name_canon(X509_NAME *a)\n {\n unsigned char *p;\n- STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname \u003d NULL;\n+ STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname;\n STACK_OF(X509_NAME_ENTRY) *entries \u003d NULL;\n X509_NAME_ENTRY *entry, *tmpentry \u003d NULL;\n int i, set \u003d -1, ret \u003d 0, len;\n@@ -313,44 +313,53 @@ static int x509_name_canon(X509_NAME *a)\n return 1;\n }\n intname \u003d sk_STACK_OF_X509_NAME_ENTRY_new_null();\n- if (!intname)\n+ if (intname \u003d\u003d NULL) {\n+ X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n for (i \u003d 0; i \u003c sk_X509_NAME_ENTRY_num(a-\u003eentries); i++) {\n entry \u003d sk_X509_NAME_ENTRY_value(a-\u003eentries, i);\n if (entry-\u003eset !\u003d set) {\n entries \u003d sk_X509_NAME_ENTRY_new_null();\n- if (!entries)\n+ if (entries \u003d\u003d NULL)\n goto err;\n if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {\n sk_X509_NAME_ENTRY_free(entries);\n+ X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);\n goto err;\n }\n set \u003d entry-\u003eset;\n }\n tmpentry \u003d X509_NAME_ENTRY_new();\n- if (tmpentry \u003d\u003d NULL)\n+ if (tmpentry \u003d\u003d NULL) {\n+ X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n tmpentry-\u003eobject \u003d OBJ_dup(entry-\u003eobject);\n- if (tmpentry-\u003eobject \u003d\u003d NULL)\n+ if (tmpentry-\u003eobject \u003d\u003d NULL) {\n+ X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n if (!asn1_string_canon(tmpentry-\u003evalue, entry-\u003evalue))\n goto err;\n- if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))\n+ if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) {\n+ X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n tmpentry \u003d NULL;\n }\n \n /* Finally generate encoding */\n-\n len \u003d i2d_name_canon(intname, NULL);\n if (len \u003c 0)\n goto err;\n a-\u003ecanon_enclen \u003d len;\n \n p \u003d OPENSSL_malloc(a-\u003ecanon_enclen);\n-\n- if (p \u003d\u003d NULL)\n+ if (p \u003d\u003d NULL) {\n+ X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);\n goto err;\n+ }\n \n a-\u003ecanon_enc \u003d p;\n \n@@ -359,7 +368,6 @@ static int x509_name_canon(X509_NAME *a)\n ret \u003d 1;\n \n err:\n-\n X509_NAME_ENTRY_free(tmpentry);\n sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,\n local_sk_X509_NAME_ENTRY_pop_free);\ndiff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c\nindex 73977cd..8616297 100644\n--- a/crypto/x509/x_pubkey.c\n+++ b/crypto/x509/x_pubkey.c\n@@ -101,7 +101,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)\n \n \n static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)\n- {\n+{\n EVP_PKEY *pkey \u003d EVP_PKEY_new();\n \n if (pkey \u003d\u003d NULL) {\ndiff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c\nindex c28fdda..cf71180 100644\n--- a/crypto/x509/x_x509.c\n+++ b/crypto/x509/x_x509.c\n@@ -189,8 +189,10 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)\n \n /* Allocate requisite combined storage */\n *pp \u003d tmp \u003d OPENSSL_malloc(length);\n- if (tmp \u003d\u003d NULL)\n- return -1; /* Push error onto error stack? */\n+ if (tmp \u003d\u003d NULL) {\n+ X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE);\n+ return -1;\n+ }\n \n /* Encode, but keep *pp at the originally malloced pointer */\n length \u003d i2d_x509_aux_internal(a, \u0026tmp);\ndiff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c\nindex a9ee30a..0f506ac 100644\n--- a/crypto/x509v3/pcy_cache.c\n+++ b/crypto/x509v3/pcy_cache.c\n@@ -26,21 +26,25 @@ static int policy_cache_set_int(long *out, ASN1_INTEGER *value);\n static int policy_cache_create(X509 *x,\n CERTIFICATEPOLICIES *policies, int crit)\n {\n- int i;\n- int ret \u003d 0;\n+ int i, ret \u003d 0;\n X509_POLICY_CACHE *cache \u003d x-\u003epolicy_cache;\n X509_POLICY_DATA *data \u003d NULL;\n POLICYINFO *policy;\n+\n if (sk_POLICYINFO_num(policies) \u003d\u003d 0)\n goto bad_policy;\n cache-\u003edata \u003d sk_X509_POLICY_DATA_new(policy_data_cmp);\n- if (cache-\u003edata \u003d\u003d NULL)\n- goto bad_policy;\n+ if (cache-\u003edata \u003d\u003d NULL) {\n+ X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);\n+ goto just_cleanup;\n+ }\n for (i \u003d 0; i \u003c sk_POLICYINFO_num(policies); i++) {\n policy \u003d sk_POLICYINFO_value(policies, i);\n data \u003d policy_data_new(policy, NULL, crit);\n- if (data \u003d\u003d NULL)\n- goto bad_policy;\n+ if (data \u003d\u003d NULL) {\n+ X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);\n+ goto just_cleanup;\n+ }\n /*\n * Duplicate policy OIDs are illegal: reject if matches found.\n */\n@@ -53,15 +57,19 @@ static int policy_cache_create(X509 *x,\n } else if (sk_X509_POLICY_DATA_find(cache-\u003edata, data) !\u003d -1) {\n ret \u003d -1;\n goto bad_policy;\n- } else if (!sk_X509_POLICY_DATA_push(cache-\u003edata, data))\n+ } else if (!sk_X509_POLICY_DATA_push(cache-\u003edata, data)) {\n+ X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);\n goto bad_policy;\n+ }\n data \u003d NULL;\n }\n ret \u003d 1;\n+\n bad_policy:\n if (ret \u003d\u003d -1)\n x-\u003eex_flags |\u003d EXFLAG_INVALID_POLICY;\n policy_data_free(data);\n+ just_cleanup:\n sk_POLICYINFO_pop_free(policies, POLICYINFO_free);\n if (ret \u003c\u003d 0) {\n sk_X509_POLICY_DATA_pop_free(cache-\u003edata, policy_data_free);\n@@ -82,8 +90,10 @@ static int policy_cache_new(X509 *x)\n if (x-\u003epolicy_cache !\u003d NULL)\n return 1;\n cache \u003d OPENSSL_malloc(sizeof(*cache));\n- if (cache \u003d\u003d NULL)\n+ if (cache \u003d\u003d NULL) {\n+ X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE);\n return 0;\n+ }\n cache-\u003eanyPolicy \u003d NULL;\n cache-\u003edata \u003d NULL;\n cache-\u003eany_skip \u003d -1;\ndiff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c\nindex 757b101..7b75a6d 100644\n--- a/crypto/x509v3/pcy_data.c\n+++ b/crypto/x509v3/pcy_data.c\n@@ -40,6 +40,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,\n {\n X509_POLICY_DATA *ret;\n ASN1_OBJECT *id;\n+\n if (policy \u003d\u003d NULL \u0026\u0026 cid \u003d\u003d NULL)\n return NULL;\n if (cid) {\n@@ -49,12 +50,15 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,\n } else\n id \u003d NULL;\n ret \u003d OPENSSL_zalloc(sizeof(*ret));\n- if (ret \u003d\u003d NULL)\n+ if (ret \u003d\u003d NULL) {\n+ X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);\n return NULL;\n+ }\n ret-\u003eexpected_policy_set \u003d sk_ASN1_OBJECT_new_null();\n if (ret-\u003eexpected_policy_set \u003d\u003d NULL) {\n OPENSSL_free(ret);\n ASN1_OBJECT_free(id);\n+ X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);\n return NULL;\n }\n \ndiff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c\nindex 80443bf..f739373 100644\n--- a/crypto/x509v3/pcy_node.c\n+++ b/crypto/x509v3/pcy_node.c\n@@ -10,6 +10,7 @@\n #include \u003copenssl/asn1.h\u003e\n #include \u003copenssl/x509.h\u003e\n #include \u003copenssl/x509v3.h\u003e\n+#include \u003copenssl/err.h\u003e\n \n #include \u0022pcy_int.h\u0022\n \n@@ -66,8 +67,10 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,\n X509_POLICY_NODE *node;\n \n node \u003d OPENSSL_zalloc(sizeof(*node));\n- if (node \u003d\u003d NULL)\n+ if (node \u003d\u003d NULL) {\n+ X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);\n return NULL;\n+ }\n node-\u003edata \u003d data;\n node-\u003eparent \u003d parent;\n if (level) {\n@@ -79,20 +82,28 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,\n \n if (level-\u003enodes \u003d\u003d NULL)\n level-\u003enodes \u003d policy_node_cmp_new();\n- if (level-\u003enodes \u003d\u003d NULL)\n+ if (level-\u003enodes \u003d\u003d NULL) {\n+ X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);\n goto node_error;\n- if (!sk_X509_POLICY_NODE_push(level-\u003enodes, node))\n+ }\n+ if (!sk_X509_POLICY_NODE_push(level-\u003enodes, node)) {\n+ X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);\n goto node_error;\n+ }\n }\n }\n \n if (tree) {\n if (tree-\u003eextra_data \u003d\u003d NULL)\n tree-\u003eextra_data \u003d sk_X509_POLICY_DATA_new_null();\n- if (tree-\u003eextra_data \u003d\u003d NULL)\n+ if (tree-\u003eextra_data \u003d\u003d NULL){\n+ X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);\n goto node_error;\n- if (!sk_X509_POLICY_DATA_push(tree-\u003eextra_data, data))\n+ }\n+ if (!sk_X509_POLICY_DATA_push(tree-\u003eextra_data, data)) {\n+ X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);\n goto node_error;\n+ }\n }\n \n if (parent)\ndiff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c\nindex 51fbb1f..518a0f2 100644\n--- a/crypto/x509v3/v3_cpols.c\n+++ b/crypto/x509v3/v3_cpols.c\n@@ -144,8 +144,8 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,\n }\n pol \u003d POLICYINFO_new();\n if (pol \u003d\u003d NULL) {\n- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);\n ASN1_OBJECT_free(pobj);\n+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);\n goto err;\n }\n pol-\u003epolicyid \u003d pobj;\ndiff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c\nindex 6f30ba3..d1b0308 100644\n--- a/crypto/x509v3/v3err.c\n+++ b/crypto/x509v3/v3err.c\n@@ -1,6 +1,6 @@\n /*\n * Generated by util/mkerr.pl DO NOT EDIT\n- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.\n+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.\n *\n * Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n * this file except in compliance with the License. You can obtain a copy\n@@ -39,8 +39,14 @@ static const ERR_STRING_DATA X509V3_str_functs[] \u003d {\n \u0022i2s_ASN1_INTEGER\u0022},\n {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),\n \u0022i2v_AUTHORITY_INFO_ACCESS\u0022},\n+ {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), \u0022level_add_node\u0022},\n {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), \u0022notice_section\u0022},\n {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), \u0022nref_nos\u0022},\n+ {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0),\n+ \u0022policy_cache_create\u0022},\n+ {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0),\n+ \u0022policy_cache_new\u0022},\n+ {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), \u0022policy_data_new\u0022},\n {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), \u0022policy_section\u0022},\n {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0),\n \u0022process_pci_value\u0022},\ndiff --git a/include/openssl/x509err.h b/include/openssl/x509err.h\nindex 08692a5..4faeffa 100644\n--- a/include/openssl/x509err.h\n+++ b/include/openssl/x509err.h\n@@ -27,8 +27,11 @@ int ERR_load_X509_strings(void);\n # define X509_F_DANE_I2D 107\n # define X509_F_DIR_CTRL 102\n # define X509_F_GET_CERT_BY_SUBJECT 103\n+# define X509_F_I2D_X509_AUX 151\n+# define X509_F_LOOKUP_CERTS_SK 152\n # define X509_F_NETSCAPE_SPKI_B64_DECODE 129\n # define X509_F_NETSCAPE_SPKI_B64_ENCODE 130\n+# define X509_F_NEW_DIR 153\n # define X509_F_X509AT_ADD1_ATTR 135\n # define X509_F_X509V3_ADD_EXT 104\n # define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136\n@@ -38,6 +41,7 @@ int ERR_load_X509_strings(void);\n # define X509_F_X509_ATTRIBUTE_SET1_DATA 138\n # define X509_F_X509_CHECK_PRIVATE_KEY 128\n # define X509_F_X509_CRL_DIFF 105\n+# define X509_F_X509_CRL_METHOD_NEW 154\n # define X509_F_X509_CRL_PRINT_FP 147\n # define X509_F_X509_EXTENSION_CREATE_BY_NID 108\n # define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109\n@@ -45,7 +49,9 @@ int ERR_load_X509_strings(void);\n # define X509_F_X509_LOAD_CERT_CRL_FILE 132\n # define X509_F_X509_LOAD_CERT_FILE 111\n # define X509_F_X509_LOAD_CRL_FILE 112\n+# define X509_F_X509_LOOKUP_NEW 155\n # define X509_F_X509_NAME_ADD_ENTRY 113\n+# define X509_F_X509_NAME_CANON 156\n # define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114\n # define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131\n # define X509_F_X509_NAME_ENTRY_SET_OBJECT 115\n@@ -62,10 +68,12 @@ int ERR_load_X509_strings(void);\n # define X509_F_X509_REQ_TO_X509 123\n # define X509_F_X509_STORE_ADD_CERT 124\n # define X509_F_X509_STORE_ADD_CRL 125\n+# define X509_F_X509_STORE_ADD_LOOKUP 157\n # define X509_F_X509_STORE_CTX_GET1_ISSUER 146\n # define X509_F_X509_STORE_CTX_INIT 143\n # define X509_F_X509_STORE_CTX_NEW 142\n # define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134\n+# define X509_F_X509_STORE_NEW 158\n # define X509_F_X509_TO_X509_REQ 126\n # define X509_F_X509_TRUST_ADD 133\n # define X509_F_X509_TRUST_SET 141\ndiff --git a/include/openssl/x509v3err.h b/include/openssl/x509v3err.h\nindex e8308ef..f961339 100644\n--- a/include/openssl/x509v3err.h\n+++ b/include/openssl/x509v3err.h\n@@ -34,8 +34,12 @@ int ERR_load_X509V3_strings(void);\n # define X509V3_F_I2S_ASN1_IA5STRING 149\n # define X509V3_F_I2S_ASN1_INTEGER 120\n # define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138\n+# define X509V3_F_LEVEL_ADD_NODE 168\n # define X509V3_F_NOTICE_SECTION 132\n # define X509V3_F_NREF_NOS 133\n+# define X509V3_F_POLICY_CACHE_CREATE 169\n+# define X509V3_F_POLICY_CACHE_NEW 170\n+# define X509V3_F_POLICY_DATA_NEW 171\n # define X509V3_F_POLICY_SECTION 131\n # define X509V3_F_PROCESS_PCI_VALUE 150\n # define X509V3_F_R2I_CERTPOL 130\n","s":{"c":1753411233,"u": 70655}} ],"g": 73418,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}