diff options
author | Steve McIntyre <steve@einval.com> | 2021-03-23 23:49:46 +0000 |
---|---|---|
committer | Steve McIntyre <steve@einval.com> | 2021-03-23 23:49:46 +0000 |
commit | 1251a7ba86fc40a6aad8b4fecdbca2b61808d9fa (patch) | |
tree | 2125fda549aaca55cb49a48d54be77dec7fbf3df /Cryptlib/OpenSSL/crypto/x509 | |
parent | 85b409232ce89b34626df9d72abedf5d4f5ccef6 (diff) | |
parent | 031e5cce385d3f96b1caa1d53495332a7eb03749 (diff) | |
download | efi-boot-shim-debian/15.3-1.tar.gz efi-boot-shim-debian/15.3-1.zip |
Update upstream source from tag 'upstream/15.3'debian/15.3-1
Update to upstream version '15.3'
with Debian dir 1b484f1c1ac270604a5a1451b34de4b0865c6211
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/x509')
-rw-r--r-- | Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 8 | ||||
-rw-r--r-- | Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 3 |
2 files changed, 8 insertions, 3 deletions
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c index 11e07634..2fa33823 100644 --- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c @@ -131,6 +131,8 @@ int X509_check_trust(X509 *x, int id, int flags) if (idx == -1) return default_trust(id, x, flags); pt = X509_TRUST_get0(idx); + if (!pt) + return default_trust(id, x, flags); return pt->check_trust(pt, x, flags); } @@ -195,8 +197,10 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), return 0; } trtmp->flags = X509_TRUST_DYNAMIC; - } else - trtmp = X509_TRUST_get0(idx); + } else if (!(trtmp = X509_TRUST_get0(idx))) { + X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } /* OPENSSL_free existing name if dynamic */ if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c index 5bf3f07a..96f306b2 100644 --- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c @@ -984,7 +984,8 @@ static int check_cert(X509_STORE_CTX *ctx) { X509_CRL *crl = NULL, *dcrl = NULL; X509 *x; - int ok, cnum; + int ok = 0; /* current openssl sets 'ok' to zero here */ + int cnum; unsigned int last_reasons; cnum = ctx->error_depth; x = sk_X509_value(ctx->chain, cnum); |