Add NULL checks from master

The big "don't check for NULL" cleanup requires backporting some
of the lowest-level functions to actually do nothing if NULL is
given.  This will make it easier to backport fixes to release
branches, where master assumes those lower-level functions are "safe"

This commit addresses those tickets: 3798 3799 3801.

Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index c5597a3f73b99b4123f36f54b1af748529a86a3e..774e6dc919050dc46d668cebf5514ca14a39f1e3 100644 (file)
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -126,6 +126,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
 
 void CMAC_CTX_free(CMAC_CTX *ctx)
 {
+    if (!ctx)
+        return;
     CMAC_CTX_cleanup(ctx);
     OPENSSL_free(ctx);
 }

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index ff1fa975fd7c0b2faffcc8ae062dd34d565d914c..b0d653903ff5661b11a5d8e71d1bb4344a36a047 100644 (file)
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -216,6 +216,8 @@ X509_STORE *X509_STORE_new(void)
 
 static void cleanup(X509_OBJECT *a)
 {
+    if (!a)
+        return;
     if (a->type == X509_LU_X509) {
         X509_free(a->data.x509);
     } else if (a->type == X509_LU_CRL) {

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f3e9c56b0917158b83ebf69002f893cc1f3a5994..b4e7983f26e3995398be6021963df9f3190894ab 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2206,6 +2206,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 {
+    if (!ctx)
+        return;
     X509_STORE_CTX_cleanup(ctx);
     OPENSSL_free(ctx);
 }