From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 22 Feb 2019 13:58:55 +0000 (+0300)
Subject: Add some checks of OCSP functions
X-Git-Tag: openssl-3.0.0-alpha1~2296
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=72b89b8e201d17dea0219b4b92df7af7e17f183a;hp=cc6d92619fc3678817b2e09894683b40860563a7

Add some checks of OCSP functions

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8308)
---

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 09eeb9cf14..ddcab4c22e 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -641,8 +641,10 @@ redo_accept:
         goto end;
     }
 
-    if (req != NULL && add_nonce)
-        OCSP_request_add1_nonce(req, NULL, -1);
+    if (req != NULL && add_nonce) {
+        if (!OCSP_request_add1_nonce(req, NULL, -1))
+            goto end;
+    }
 
     if (signfile != NULL) {
         if (keyfile == NULL)
@@ -1245,7 +1247,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
             goto end;
         }
     }
-    OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags);
+    if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) {
+        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
+        goto end;
+    }
 
     if (badsig) {
         const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);