Minor OpenSSL fixes

These are all the NULL pointer dereferences (which all appear to be, at
worst, very difficult to hit) that gcc -fanalyzer finds in our OpenSSL
code.

Signed-off-by: Peter Jones <pjones@redhat.com>

1 files changed, 6 insertions, 2 deletions

diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
index 11e07634..2fa33823 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
@@ -131,6 +131,8 @@ int X509_check_trust(X509 *x, int id, int flags)
     if (idx == -1)
         return default_trust(id, x, flags);
     pt = X509_TRUST_get0(idx);
+    if (!pt)
+        return default_trust(id, x, flags);
     return pt->check_trust(pt, x, flags);
 }
 
@@ -195,8 +197,10 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
             return 0;
         }
         trtmp->flags = X509_TRUST_DYNAMIC;
-    } else
-        trtmp = X509_TRUST_get0(idx);
+    } else if (!(trtmp = X509_TRUST_get0(idx))) {
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     /* OPENSSL_free existing name if dynamic */
     if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)