As the potential failure of the OPENSSL_malloc(),
timestamp_tm could be NULL and be used in ASN1_TIME_to_tm()
without check.
Therefore, it should be better to check the return value of
OPENSSL_malloc() and return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18575)
}
timestamp_tm = OPENSSL_malloc(sizeof(*timestamp_tm));
-
+ if (timestamp_tm == NULL) {
+ ASN1_TIME_free(timestamp_asn1);
+ return -1;
+ }
if (!(ASN1_TIME_to_tm(timestamp_asn1, timestamp_tm))) {
OPENSSL_free(timestamp_tm);
ASN1_TIME_free(timestamp_asn1);