Commit b6306d80 authored by Benjamin Kaduk's avatar Benjamin Kaduk Committed by Ben Kaduk
Browse files

Fix coverity-reported errors in ocspapitest 



Avoid memory leaks in error paths, and correctly apply
parentheses to function calls in a long if-chain.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4873)
parent 0488c0bb

test/ocspapitest.c

+21 −13
Original line number Diff line number Diff line
@@ -51,7 +51,8 @@ static OCSP_BASICRESP *make_dummy_resp(void) 
    const unsigned char namestr[] = "openssl.example.com";

    unsigned char keybytes[128] = {7};

    OCSP_BASICRESP *bs = OCSP_BASICRESP_new();

    OCSP_CERTID *cid;

    OCSP_BASICRESP *bs_out = NULL;

    OCSP_CERTID *cid = NULL;

    ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL));

    ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200);

    X509_NAME *name = X509_NAME_new();
@@ -60,9 +61,9 @@ static OCSP_BASICRESP *make_dummy_resp(void) 


    if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC,

                                   namestr, -1, -1, 1)

        || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)

        || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)))

        return NULL;

        || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))

        || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1))

        goto err;

    cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);

    if (!TEST_ptr(bs)

        || !TEST_ptr(thisupd)
@@ -71,23 +72,28 @@ static OCSP_BASICRESP *make_dummy_resp(void) 
        || !TEST_true(OCSP_basic_add1_status(bs, cid,

                                             V_OCSP_CERTSTATUS_UNKNOWN,

                                             0, NULL, thisupd, nextupd)))

        return NULL;

        goto err;

    bs_out = bs;

    bs = NULL;

 err:

    ASN1_TIME_free(thisupd);

    ASN1_TIME_free(nextupd);

    ASN1_BIT_STRING_free(key);

    ASN1_INTEGER_free(serial);

    OCSP_CERTID_free(cid);

    OCSP_BASICRESP_free(bs);

    X509_NAME_free(name);

    return bs;

    return bs_out;

}



#ifndef OPENSSL_NO_OCSP

static int test_resp_signer(void)

{

    OCSP_BASICRESP *bs;

    OCSP_BASICRESP *bs = NULL;

    X509 *signer = NULL, *tmp;

    EVP_PKEY *key = NULL;

    STACK_OF(X509) *extra_certs;

    STACK_OF(X509) *extra_certs = NULL;

    int ret = 0;



    /*

     * Test a response with no certs at all; get the signer from the
@@ -101,10 +107,10 @@ static int test_resp_signer(void) 
        || !TEST_true(sk_X509_push(extra_certs, signer))

        || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),

                                      NULL, OCSP_NOCERTS)))

        return 0;

        goto err;

    if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs))

        || !TEST_int_eq(X509_cmp(tmp, signer), 0))

        return 0;

        goto err;

    OCSP_BASICRESP_free(bs);



    /* Do it again but include the signer cert */
@@ -113,15 +119,17 @@ static int test_resp_signer(void) 
    if (!TEST_ptr(bs)

        || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),

                                      NULL, 0)))

        return 0;

        goto err;

    if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL))

        || !TEST_int_eq(X509_cmp(tmp, signer), 0))

        return 0;

        goto err;

    ret = 1;

 err:

    OCSP_BASICRESP_free(bs);

    sk_X509_free(extra_certs);

    X509_free(signer);

    EVP_PKEY_free(key);

    return 1;

    return ret;

}

#endif