X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509v3%2Fv3_utl.c;h=24bb1576365aab08caa3057ddd0ef4ea4396d66b;hp=debd8078caef83e591aede236c81c54f509fd520;hb=349807608f31b20af01a342d0072bb92e0b036e2;hpb=9a3bf97315aa121441777bf1bc4bea3c5e00af29

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index debd8078ca..24bb157636 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -1,4 +1,3 @@
-/* v3_utl.c */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -60,9 +59,10 @@
 
 #include <stdio.h>
 #include <ctype.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 #include <openssl/bn.h>
 
 static char *strip_spaces(char *name);
@@ -84,13 +84,14 @@ int X509V3_add_value(const char *name, const char *value,
 {
     CONF_VALUE *vtmp = NULL;
     char *tname = NULL, *tvalue = NULL;
-    if (name && !(tname = BUF_strdup(name)))
+
+    if (name && (tname = OPENSSL_strdup(name)) == NULL)
         goto err;
-    if (value && !(tvalue = BUF_strdup(value)))
+    if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
         goto err;
-    if (!(vtmp = OPENSSL_malloc(sizeof(*vtmp))))
+    if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
         goto err;
-    if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null()))
+    if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
         goto err;
     vtmp->section = NULL;
     vtmp->name = tname;
@@ -144,10 +145,11 @@ char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
 {
     BIGNUM *bntmp = NULL;
     char *strtmp = NULL;
+
     if (!a)
         return NULL;
-    if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
-        !(strtmp = BN_bn2dec(bntmp)))
+    if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL
+        || (strtmp = BN_bn2dec(bntmp)) == NULL)
         X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
     BN_free(bntmp);
     return strtmp;
@@ -157,10 +159,11 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
 {
     BIGNUM *bntmp = NULL;
     char *strtmp = NULL;
+
     if (!a)
         return NULL;
-    if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
-        !(strtmp = BN_bn2dec(bntmp)))
+    if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL
+        || (strtmp = BN_bn2dec(bntmp)) == NULL)
         X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
     BN_free(bntmp);
     return strtmp;
@@ -172,11 +175,15 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
     ASN1_INTEGER *aint;
     int isneg, ishex;
     int ret;
-    if (!value) {
+    if (value == NULL) {
         X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE);
-        return 0;
+        return NULL;
     }
     bn = BN_new();
+    if (bn == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
     if (value[0] == '-') {
         value++;
         isneg = 1;
@@ -197,7 +204,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
     if (!ret || value[ret]) {
         BN_free(bn);
         X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
-        return 0;
+        return NULL;
     }
 
     if (isneg && BN_is_zero(bn))
@@ -208,7 +215,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
     if (!aint) {
         X509V3err(X509V3_F_S2I_ASN1_INTEGER,
                   X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
-        return 0;
+        return NULL;
     }
     if (isneg)
         aint->type |= V_ASN1_NEG;
@@ -220,9 +227,10 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
 {
     char *strtmp;
     int ret;
+
     if (!aint)
         return 1;
-    if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint)))
+    if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL)
         return 0;
     ret = X509V3_add_value(name, strtmp, extlist);
     OPENSSL_free(strtmp);
@@ -232,7 +240,8 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
 {
     char *btmp;
-    if (!(btmp = value->value))
+
+    if ((btmp = value->value) == NULL)
         goto err;
     if (strcmp(btmp, "TRUE") == 0
         || strcmp(btmp, "true") == 0
@@ -262,7 +271,8 @@ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
 {
     ASN1_INTEGER *itmp;
-    if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+
+    if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) {
         X509V3_conf_err(value);
         return 0;
     }
@@ -285,7 +295,11 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
     char *linebuf;
     int state;
     /* We are going to modify the line so copy it first */
-    linebuf = BUF_strdup(line);
+    linebuf = OPENSSL_strdup(line);
+    if (linebuf == NULL) {
+        X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
     state = HDR_NAME;
     ntmp = NULL;
     /* Go through all characters */
@@ -397,7 +411,7 @@ char *hex_to_string(const unsigned char *buffer, long len)
     const static char hexdig[] = "0123456789ABCDEF";
     if (!buffer || !len)
         return NULL;
-    if (!(tmp = OPENSSL_malloc(len * 3 + 1))) {
+    if ((tmp = OPENSSL_malloc(len * 3 + 1)) == NULL) {
         X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -427,7 +441,7 @@ unsigned char *string_to_hex(const char *str, long *len)
         X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT);
         return NULL;
     }
-    if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1)))
+    if ((hexbuf = OPENSSL_malloc(strlen(str) >> 1)) == NULL)
         goto err;
     for (p = (unsigned char *)str, q = hexbuf; *p;) {
         ch = *p++;
@@ -595,15 +609,15 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
         return 1;
     if (!email->data || !email->length)
         return 1;
-    if (!*sk)
+    if (*sk == NULL)
         *sk = sk_OPENSSL_STRING_new(sk_strcmp);
-    if (!*sk)
+    if (*sk == NULL)
         return 0;
     /* Don't add duplicates */
     if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
         return 1;
-    emtmp = BUF_strdup((char *)email->data);
-    if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+    emtmp = OPENSSL_strdup((char *)email->data);
+    if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
         X509_email_free(*sk);
         *sk = NULL;
         return 0;
@@ -825,7 +839,8 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
             state = LABEL_START;
             ++dots;
         } else if (p[i] == '-') {
-            if ((state & LABEL_HYPHEN) != 0)
+            /* no domain/subdomain starts with '-' */
+            if ((state & LABEL_START) != 0)
                 return NULL;
             state |= LABEL_HYPHEN;
         } else
@@ -884,7 +899,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
         else if (a->length == (int)blen && !memcmp(a->data, b, blen))
             rv = 1;
         if (rv > 0 && peername)
-            *peername = BUF_strndup((char *)a->data, a->length);
+            *peername = OPENSSL_strndup((char *)a->data, a->length);
     } else {
         int astrlen;
         unsigned char *astr;
@@ -898,7 +913,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
         }
         rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
         if (rv > 0 && peername)
-            *peername = BUF_strndup((char *)astr, astrlen);
+            *peername = OPENSSL_strndup((char *)astr, astrlen);
         OPENSSL_free(astr);
     }
     return rv;
@@ -910,7 +925,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
     GENERAL_NAMES *gens = NULL;
     X509_NAME *name = NULL;
     int i;
-    int cnid;
+    int cnid = NID_undef;
     int alt_type;
     int san_present = 0;
     int rv = 0;
@@ -933,7 +948,6 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
         else
             equal = equal_wildcard;
     } else {
-        cnid = 0;
         alt_type = V_ASN1_OCTET_STRING;
         equal = equal_case;
     }
@@ -964,11 +978,16 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
         GENERAL_NAMES_free(gens);
         if (rv != 0)
             return rv;
-        if (!cnid
+        if (cnid == NID_undef
             || (san_present
                 && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
             return 0;
     }
+
+    /* We're done if CN-ID is not pertinent */
+    if (cnid == NID_undef)
+        return 0;
+
     i = -1;
     name = X509_get_subject_name(x);
     while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
@@ -1062,7 +1081,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
         return NULL;
 
     ret = ASN1_OCTET_STRING_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
         ASN1_OCTET_STRING_free(ret);
@@ -1080,7 +1099,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     p = strchr(ipasc, '/');
     if (!p)
         return NULL;
-    iptmp = BUF_strdup(ipasc);
+    iptmp = OPENSSL_strdup(ipasc);
     if (!iptmp)
         return NULL;
     p = iptmp + (p - ipasc);
@@ -1100,7 +1119,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
         goto err;
 
     ret = ASN1_OCTET_STRING_new();
-    if (!ret)
+    if (ret == NULL)
         goto err;
     if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
         goto err;