Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME

[openssl.git] / crypto / x509v3 / v3_addr.c

diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 53583fb754fdcac50cd45bcf5db5edfdd6a4a33d..ef1d775ac938acf96b8d3343ee1321d9f80a8bf7 100644 (file)
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -686,7 +686,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr)
     int i, j, k;
 
     /*
-     * Empty extension is cannonical.
+     * Empty extension is canonical.
      */
     if (addr == NULL)
         return 1;
@@ -1166,6 +1166,11 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
 
 /*
  * Core code for RFC 3779 2.3 path validation.
+ *
+ * Returns 1 for success, 0 on error.
+ *
+ * When returning 0, ctx->error MUST be set to an appropriate value other than
+ * X509_V_OK.
  */
 static int addr_validate_path_internal(X509_STORE_CTX *ctx,
                                        STACK_OF(X509) *chain,
@@ -1200,6 +1205,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
         X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
                   ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
         ret = 0;
         goto done;
     }