diff options
author | Rich Salz <rsalz@openssl.org> | 2015-04-30 17:33:59 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-04-30 17:33:59 -0400 |
commit | 222561fe8ef510f336417a666f69f81ddc9b8fe4 (patch) | |
tree | 70bc6af70550022bc7b7af45bd3c6d64d7fc2680 /ssl | |
parent | 2ace745022f5af0709297e96eb0b0829c87c4291 (diff) | |
download | openssl-222561fe8ef510f336417a666f69f81ddc9b8fe4.tar.gz |
free NULL cleanup 5a
Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 18 | ||||
-rw-r--r-- | ssl/s3_lib.c | 12 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 12 | ||||
-rw-r--r-- | ssl/ssl_cert.c | 46 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 25 | ||||
-rw-r--r-- | ssl/ssl_rsa.c | 9 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 3 | ||||
-rw-r--r-- | ssl/t1_lib.c | 7 |
8 files changed, 43 insertions, 89 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 3eb67ef17b..bbff778d44 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1314,21 +1314,18 @@ int ssl3_get_server_certificate(SSL *s) * Why would the following ever happen? We just created sc a couple * of lines ago. */ - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); + X509_free(sc->peer_pkeys[i].x509); sc->peer_pkeys[i].x509 = x; sc->peer_key = &(sc->peer_pkeys[i]); - if (s->session->peer != NULL) - X509_free(s->session->peer); + X509_free(s->session->peer); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); s->session->peer = x; } else { sc->peer_cert_type = i; sc->peer_key = NULL; - if (s->session->peer != NULL) - X509_free(s->session->peer); + X509_free(s->session->peer); s->session->peer = NULL; } s->session->verify_result = s->verify_result; @@ -2149,15 +2146,13 @@ int ssl3_get_certificate_request(SSL *s) /* we should setup a certificate to return.... */ s->s3->tmp.cert_req = 1; s->s3->tmp.ctype_num = ctype_num; - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); s->s3->tmp.ca_names = ca_sk; ca_sk = NULL; ret = 1; err: - if (ca_sk != NULL) - sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); + sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); } @@ -3339,8 +3334,7 @@ int ssl3_send_client_certificate(SSL *s) SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); } - if (x509 != NULL) - X509_free(x509); + X509_free(x509); if (pkey != NULL) EVP_PKEY_free(pkey); if (i && !ssl3_check_client_certificate(s)) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7bb3a9257f..ef2ddb4973 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3126,8 +3126,7 @@ void ssl3_free(SSL *s) EC_KEY_free(s->s3->tmp.ecdh); #endif - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); BIO_free(s->s3->handshake_buffer); if (s->s3->handshake_dgst) ssl3_free_digest_list(s); @@ -3149,8 +3148,7 @@ void ssl3_clear(SSL *s) int init_extra; ssl3_cleanup_key_block(s); - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); @@ -3925,10 +3923,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) break; case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: - if (ctx->extra_certs) { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } + sk_X509_pop_free(ctx->extra_certs, X509_free); + ctx->extra_certs = NULL; break; case SSL_CTRL_CHAIN: diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 6c1ba3ae48..77420a1e7a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3271,8 +3271,7 @@ int ssl3_get_client_certificate(SSL *s) EVP_PKEY_free(pkey); } - if (s->session->peer != NULL) /* This should not be needed */ - X509_free(s->session->peer); + X509_free(s->session->peer); s->session->peer = sk_X509_shift(sk); s->session->verify_result = s->verify_result; @@ -3287,8 +3286,7 @@ int ssl3_get_client_certificate(SSL *s) goto err; } } - if (s->session->sess_cert->cert_chain != NULL) - sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); + sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); s->session->sess_cert->cert_chain = sk; /* * Inconsistency alert: cert_chain does *not* include the peer's own @@ -3303,10 +3301,8 @@ int ssl3_get_client_certificate(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); } err: - if (x != NULL) - X509_free(x); - if (sk != NULL) - sk_X509_pop_free(sk, X509_free); + X509_free(x); + sk_X509_pop_free(sk, X509_free); return (ret); } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 4daa29692b..0ae9646991 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -398,16 +398,12 @@ void ssl_cert_clear_certs(CERT *c) return; for (i = 0; i < SSL_PKEY_NUM; i++) { CERT_PKEY *cpk = c->pkeys + i; - if (cpk->x509) { - X509_free(cpk->x509); - cpk->x509 = NULL; - } + X509_free(cpk->x509); + cpk->x509 = NULL; EVP_PKEY_free(cpk->privatekey); cpk->privatekey = NULL; - if (cpk->chain) { - sk_X509_pop_free(cpk->chain, X509_free); - cpk->chain = NULL; - } + sk_X509_pop_free(cpk->chain, X509_free); + cpk->chain = NULL; #ifndef OPENSSL_NO_TLSEXT if (cpk->serverinfo) { OPENSSL_free(cpk->serverinfo); @@ -461,10 +457,8 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c->shared_sigalgs); if (c->ctypes) OPENSSL_free(c->ctypes); - if (c->verify_store) - X509_STORE_free(c->verify_store); - if (c->chain_store) - X509_STORE_free(c->chain_store); + X509_STORE_free(c->verify_store); + X509_STORE_free(c->chain_store); if (c->ciphers_raw) OPENSSL_free(c->ciphers_raw); #ifndef OPENSSL_NO_TLSEXT @@ -485,8 +479,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; if (!cpk) return 0; - if (cpk->chain) - sk_X509_pop_free(cpk->chain, X509_free); + sk_X509_pop_free(cpk->chain, X509_free); for (i = 0; i < sk_X509_num(chain); i++) { r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0); if (r != 1) { @@ -629,11 +622,9 @@ void ssl_sess_cert_free(SESS_CERT *sc) #endif /* i == 0 */ - if (sc->cert_chain != NULL) - sk_X509_pop_free(sc->cert_chain, X509_free); + sk_X509_pop_free(sc->cert_chain, X509_free); for (i = 0; i < SSL_PKEY_NUM; i++) { - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); + X509_free(sc->peer_pkeys[i].x509); #if 0 /* * We don't have the peer's private key. These lines are just @@ -726,9 +717,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list) { - if (*ca_list != NULL) - sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); - + sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); *ca_list = name_list; } @@ -867,15 +856,12 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) if (0) { err: - if (ret != NULL) - sk_X509_NAME_pop_free(ret, X509_NAME_free); + sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; } - if (sk != NULL) - sk_X509_NAME_free(sk); + sk_X509_NAME_free(sk); BIO_free(in); - if (x != NULL) - X509_free(x); + X509_free(x); if (ret != NULL) ERR_clear_error(); return (ret); @@ -1205,8 +1191,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) goto err; } } - if (cpk->chain) - sk_X509_pop_free(cpk->chain, X509_free); + sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = chain; if (rv == 0) rv = 1; @@ -1224,8 +1209,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref) pstore = &c->chain_store; else pstore = &c->verify_store; - if (*pstore) - X509_STORE_free(*pstore); + X509_STORE_free(*pstore); *pstore = store; if (ref && store) CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 73eafdb542..7319cd85df 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -532,9 +532,7 @@ void SSL_free(SSL *s) } #endif - if (s->param) - X509_VERIFY_PARAM_free(s->param); - + X509_VERIFY_PARAM_free(s->param); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); if (s->bbio != NULL) { @@ -581,8 +579,7 @@ void SSL_free(SSL *s) if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ - if (s->tlsext_ocsp_exts) - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); + sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); if (s->tlsext_ocsp_resp) @@ -591,8 +588,7 @@ void SSL_free(SSL *s) OPENSSL_free(s->alpn_client_proto_list); #endif - if (s->client_CA != NULL) - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); + sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); if (s->method != NULL) s->method->ssl_free(s); @@ -2032,8 +2028,7 @@ void SSL_CTX_free(SSL_CTX *a) } #endif - if (a->param) - X509_VERIFY_PARAM_free(a->param); + X509_VERIFY_PARAM_free(a->param); /* * Free internal session cache. However: the remove_cb() may reference @@ -2052,17 +2047,14 @@ void SSL_CTX_free(SSL_CTX *a) if (a->sessions != NULL) lh_SSL_SESSION_free(a->sessions); - if (a->cert_store != NULL) - X509_STORE_free(a->cert_store); + X509_STORE_free(a->cert_store); if (a->cipher_list != NULL) sk_SSL_CIPHER_free(a->cipher_list); if (a->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(a->cipher_list_by_id); ssl_cert_free(a->cert); - if (a->client_CA != NULL) - sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); - if (a->extra_certs != NULL) - sk_X509_pop_free(a->extra_certs, X509_free); + sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); + sk_X509_pop_free(a->extra_certs, X509_free); a->comp_methods = NULL; #ifndef OPENSSL_NO_SRTP @@ -3186,8 +3178,7 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) { - if (ctx->cert_store != NULL) - X509_STORE_free(ctx->cert_store); + X509_STORE_free(ctx->cert_store); ctx->cert_store = store; } diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index b5d457a9eb..e4798e9316 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -119,8 +119,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) ret = SSL_use_certificate(ssl, x); end: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } @@ -418,8 +417,7 @@ static int ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_free(pkey); - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); + X509_free(c->pkeys[i].x509); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); c->pkeys[i].x509 = x; c->key = &(c->pkeys[i]); @@ -465,8 +463,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) ret = SSL_CTX_use_certificate(ctx, x); end: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 51f30fbd3d..eed38ca73c 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -732,8 +732,7 @@ void SSL_SESSION_free(SSL_SESSION *ss) OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); ssl_sess_cert_free(ss->sess_cert); - if (ss->peer != NULL) - X509_free(ss->peer); + X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); #ifndef OPENSSL_NO_TLSEXT diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 985c357563..b77074a0a5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2219,11 +2219,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } sdata = data; if (dsize > 0) { - if (s->tlsext_ocsp_exts) { - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); - } - + sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, + X509_EXTENSION_free); s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) { |