GH620: second diff from rt-2275, adds error code

[openssl.git] / crypto / x509v3 / v3_ncons.c

diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 1e6fae80814f6cf983f9688732cce6221b62c76f..31e37a0fe86b6363375573cc435928762b530f04 100644 (file)
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -1,4 +1,3 @@
-/* v3_ncons.c */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -58,12 +57,13 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
 #include "internal/x509_int.h"
+#include "ext_dat.h"
 
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                   X509V3_CTX *ctx,
@@ -118,15 +118,16 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
     STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
     NAME_CONSTRAINTS *ncons = NULL;
     GENERAL_SUBTREE *sub = NULL;
+
     ncons = NAME_CONSTRAINTS_new();
-    if (!ncons)
+    if (ncons == NULL)
         goto memerr;
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
         val = sk_CONF_VALUE_value(nval, i);
-        if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
+        if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) {
             ptree = &ncons->permittedSubtrees;
             tval.name = val->name + 10;
-        } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
+        } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) {
             ptree = &ncons->excludedSubtrees;
             tval.name = val->name + 9;
         } else {
@@ -135,11 +136,13 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
         }
         tval.value = val->value;
         sub = GENERAL_SUBTREE_new();
+        if (sub == NULL)
+            goto memerr;
         if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
             goto err;
-        if (!*ptree)
+        if (*ptree == NULL)
             *ptree = sk_GENERAL_SUBTREE_new_null();
-        if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+        if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub))
             goto memerr;
         sub = NULL;
     }
@@ -402,11 +405,11 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
     const char *emlat = strchr(emlptr, '@');
     if (!emlat)
         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-    /* Special case: inital '.' is RHS match */
+    /* Special case: initial '.' is RHS match */
     if (!baseat && (*baseptr == '.')) {
         if (eml->length > base->length) {
             emlptr += eml->length - base->length;
-            if (!strcasecmp(baseptr, emlptr))
+            if (strcasecmp(baseptr, emlptr) == 0)
                 return X509_V_OK;
         }
         return X509_V_ERR_PERMITTED_VIOLATION;
@@ -462,11 +465,11 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
     if (hostlen == 0)
         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 
-    /* Special case: inital '.' is RHS match */
+    /* Special case: initial '.' is RHS match */
     if (*baseptr == '.') {
         if (hostlen > base->length) {
             p = hostptr + hostlen - base->length;
-            if (!strncasecmp(p, baseptr, base->length))
+            if (strncasecmp(p, baseptr, base->length) == 0)
                 return X509_V_OK;
         }
         return X509_V_ERR_PERMITTED_VIOLATION;