From b4e88ccb2875b414c3882759a1f1c6a4a07df389 Mon Sep 17 00:00:00 2001
From: Nils Larsch <nils@openssl.org>
Date: Sat, 18 Mar 2006 14:27:41 +0000
Subject: [PATCH] ensure the pointer is valid before using it

---
 apps/ts.c               |  2 ++
 crypto/bn/bntest.c      |  2 ++
 crypto/ts/ts_rsp_sign.c | 32 ++++++++++++++++++++------------
 3 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/apps/ts.c b/apps/ts.c
index 0083f9a1e1..f0923360a7 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -1041,6 +1041,8 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
 		if (!(request = d2i_TS_REQ_bio(input, NULL))) goto err;
 		if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) goto err;
 		}
+	else
+		return NULL;
 
 	/* Add the signature verification flag and arguments. */
 	ctx->flags |= TS_VFY_SIGNATURE;
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index b79685ee42..5a3c3d1d2e 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -732,6 +732,8 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 	BN_init(&n);
 
 	mont=BN_MONT_CTX_new();
+	if (mont == NULL)
+		return 0;
 
 	BN_bntest_rand(&a,100,0,0); /**/
 	BN_bntest_rand(&b,100,0,0); /**/
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 30b6498456..0c8e636fdf 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -466,18 +466,21 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
 	if (!result)
 		{
 		TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
-		TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
-						 "Error during response "
-						 "generation.");
-		/* Check if the status info was set. */
-		if (ctx->response
-		    && ASN1_INTEGER_get(
-			    TS_RESP_get_status_info(ctx->response)->status)
-		    == TS_STATUS_GRANTED)
+		if (ctx != NULL)
 			{
-			/* Status info wasn't set, don't return a response. */
-			TS_RESP_free(ctx->response);
-			ctx->response = NULL;
+			TS_RESP_CTX_set_status_info_cond(ctx,
+				TS_STATUS_REJECTION, "Error during response "
+				"generation.");
+			/* Check if the status info was set. */
+			if (ctx->response && ASN1_INTEGER_get(
+			    TS_RESP_get_status_info(ctx->response)->status)
+			    == TS_STATUS_GRANTED)
+				{
+				/* Status info wasn't set, don't
+				 * return a response. */
+				TS_RESP_free(ctx->response);
+				ctx->response = NULL;
+				}
 			}
 		}
 	response = ctx->response;
@@ -567,13 +570,18 @@ static int TS_RESP_check_request(TS_RESP_CTX *ctx)
 	return 1;
 	}
 
-/* Returns the TSA policy based on the rqeuested and acceptable policies. */
+/* Returns the TSA policy based on the requested and acceptable policies. */
 static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx)
 	{
 	ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request);
 	ASN1_OBJECT *policy = NULL;
 	int i;
 
+	if (ctx->default_policy == NULL)
+		{
+		TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
+		return NULL;
+		}
 	/* Return the default policy if none is requested or the default is
 	   requested. */
 	if (!requested || !OBJ_cmp(requested, ctx->default_policy))
-- 
2.34.1