From 25aaa98aa249d26391c1994d2de449562c8b8b99 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Fri, 1 May 2015 14:37:16 -0400 Subject: free NULL cleanup -- coda After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson --- ssl/d1_both.c | 7 +++-- ssl/d1_clnt.c | 3 +- ssl/d1_lib.c | 6 ++-- ssl/record/rec_layer_d1.c | 13 +++------ ssl/s23_clnt.c | 3 +- ssl/s3_clnt.c | 13 +++------ ssl/s3_lib.c | 3 +- ssl/s3_srvr.c | 23 +++++----------- ssl/ssl_cert.c | 34 ++++++++--------------- ssl/ssl_ciph.c | 3 +- ssl/ssl_lib.c | 70 ++++++++++++++--------------------------------- ssl/ssl_rsa.c | 7 ++--- ssl/ssl_sess.c | 24 ++++++---------- 13 files changed, 68 insertions(+), 141 deletions(-) (limited to 'ssl') diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 7b7f8760d1..3af3ba15cc 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -203,7 +203,8 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, void dtls1_hm_fragment_free(hm_fragment *frag) { - + if (!frag) + return; if (frag->msg_header.is_ccs) { EVP_CIPHER_CTX_free(frag->msg_header. saved_retransmit_state.enc_write_ctx); @@ -724,7 +725,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) return DTLS1_HM_FRAGMENT_RETRY; err: - if (frag != NULL && item == NULL) + if (item == NULL) dtls1_hm_fragment_free(frag); *ok = 0; return i; @@ -821,7 +822,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, return DTLS1_HM_FRAGMENT_RETRY; err: - if (frag != NULL && item == NULL) + if (item == NULL) dtls1_hm_fragment_free(frag); *ok = 0; return i; diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 0f4373ee7e..b8efa88e7b 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -781,8 +781,7 @@ int dtls1_connect(SSL *s) s->in_handshake, NULL); #endif - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); if (cb != NULL) cb(s, SSL_CB_CONNECT_EXIT, ret); return (ret); diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 6946b32dea..81d532c277 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -153,10 +153,8 @@ int dtls1_new(SSL *s) d1->mtu = 0; if (!d1->buffered_messages || !d1->sent_messages) { - if (d1->buffered_messages) - pqueue_free(d1->buffered_messages); - if (d1->sent_messages) - pqueue_free(d1->sent_messages); + pqueue_free(d1->buffered_messages); + pqueue_free(d1->sent_messages); OPENSSL_free(d1); ssl3_free(s); return (0); diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index a78f150c34..a484c97bb5 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -140,12 +140,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) if (!d->unprocessed_rcds.q || !d->processed_rcds.q || !d->buffered_app_data.q) { - if (d->unprocessed_rcds.q) - pqueue_free(d->unprocessed_rcds.q); - if (d->processed_rcds.q) - pqueue_free(d->processed_rcds.q); - if (d->buffered_app_data.q) - pqueue_free(d->buffered_app_data.q); + pqueue_free(d->unprocessed_rcds.q); + pqueue_free(d->processed_rcds.q); + pqueue_free(d->buffered_app_data.q); OPENSSL_free(d); rl->d = NULL; return (0); @@ -266,9 +263,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) { OPENSSL_free(rdata); - if (item != NULL) - pitem_free(item); - + pitem_free(item); SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); return -1; } diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 4196eac2a9..34343402c8 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -249,8 +249,7 @@ int ssl23_connect(SSL *s) } end: s->in_handshake--; - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); if (cb != NULL) cb(s, SSL_CB_CONNECT_EXIT, ret); return (ret); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 7915052e9a..f81f160237 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -599,11 +599,8 @@ int ssl3_connect(SSL *s) case SSL_ST_OK: /* clean a few things up */ ssl3_cleanup_key_block(s); - - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; /* * If we are not 'joining' the last two packets, remove the @@ -657,8 +654,7 @@ int ssl3_connect(SSL *s) } end: s->in_handshake--; - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); if (cb != NULL) cb(s, SSL_CB_CONNECT_EXIT, ret); return (ret); @@ -3319,8 +3315,7 @@ int ssl3_send_client_certificate(SSL *s) } X509_free(x509); - if (pkey != NULL) - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); if (i && !ssl3_check_client_certificate(s)) i = 0; if (i == 0) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4610e7fdff..c2fddb8a35 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3131,8 +3131,7 @@ void ssl3_free(SSL *s) if (s->s3->handshake_dgst) ssl3_free_digest_list(s); #ifndef OPENSSL_NO_TLSEXT - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); #endif #ifndef OPENSSL_NO_SRP diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 5b83407a96..d2c89957e2 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1272,14 +1272,9 @@ int ssl3_get_client_hello(SSL *s) } s->session->cipher = pref_cipher; - - if (s->cipher_list) - sk_SSL_CIPHER_free(s->cipher_list); - - if (s->cipher_list_by_id) - sk_SSL_CIPHER_free(s->cipher_list_by_id); - + sk_SSL_CIPHER_free(s->cipher_list); s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); + sk_SSL_CIPHER_free(s->cipher_list_by_id); s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); } } @@ -1371,8 +1366,7 @@ int ssl3_get_client_hello(SSL *s) #else s->session->compress_meth = (comp == NULL) ? 0 : comp->id; #endif - if (s->session->ciphers != NULL) - sk_SSL_CIPHER_free(s->session->ciphers); + sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; if (ciphers == NULL) { al = SSL_AD_INTERNAL_ERROR; @@ -1452,8 +1446,7 @@ int ssl3_get_client_hello(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); } err: - if (ciphers != NULL) - sk_SSL_CIPHER_free(ciphers); + sk_SSL_CIPHER_free(ciphers); return ret < 0 ? -1 : ret; } @@ -3127,11 +3120,9 @@ int ssl3_get_cert_verify(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); } end: - if (s->s3->handshake_buffer) { - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; - } + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; + s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_free(pkey); return (ret); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 5244ecb447..cce7f15b61 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -405,11 +405,9 @@ void ssl_cert_clear_certs(CERT *c) sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = NULL; #ifndef OPENSSL_NO_TLSEXT - if (cpk->serverinfo) { - OPENSSL_free(cpk->serverinfo); - cpk->serverinfo = NULL; - cpk->serverinfo_length = 0; - } + OPENSSL_free(cpk->serverinfo); + cpk->serverinfo = NULL; + cpk->serverinfo_length = 0; #endif /* Clear all flags apart from explicit sign */ cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN; @@ -447,20 +445,14 @@ void ssl_cert_free(CERT *c) #endif ssl_cert_clear_certs(c); - if (c->peer_sigalgs) - OPENSSL_free(c->peer_sigalgs); - if (c->conf_sigalgs) - OPENSSL_free(c->conf_sigalgs); - if (c->client_sigalgs) - OPENSSL_free(c->client_sigalgs); - if (c->shared_sigalgs) - OPENSSL_free(c->shared_sigalgs); - if (c->ctypes) - OPENSSL_free(c->ctypes); + OPENSSL_free(c->peer_sigalgs); + OPENSSL_free(c->conf_sigalgs); + OPENSSL_free(c->client_sigalgs); + OPENSSL_free(c->shared_sigalgs); + OPENSSL_free(c->ctypes); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); - if (c->ciphers_raw) - OPENSSL_free(c->ciphers_raw); + OPENSSL_free(c->ciphers_raw); #ifndef OPENSSL_NO_TLSEXT custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); @@ -624,12 +616,11 @@ void ssl_sess_cert_free(SESS_CERT *sc) X509_free(sc->peer_pkeys[i].x509); #if 0 /* - * We don't have the peer's private key. These lines are just + * We don't have the peer's private key. This line is just * here as a reminder that we're still using a not-quite-appropriate * data structure. */ - if (sc->peer_pkeys[i].privatekey != NULL) - EVP_PKEY_free(sc->peer_pkeys[i].privatekey); + EVP_PKEY_free(sc->peer_pkeys[i].privatekey); #endif } @@ -917,8 +908,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, ret = 0; done: BIO_free(in); - if (x != NULL) - X509_free(x); + X509_free(x); (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); return ret; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 41af4f663e..6c6ac8db62 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1600,8 +1600,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK sk_SSL_CIPHER_free(cipherstack); return NULL; } - if (*cipher_list != NULL) - sk_SSL_CIPHER_free(*cipher_list); + sk_SSL_CIPHER_free(*cipher_list); *cipher_list = cipherstack; if (*cipher_list_by_id != NULL) sk_SSL_CIPHER_free(*cipher_list_by_id); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 63e9712c1e..4dfd7ab7f0 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -216,15 +216,11 @@ int SSL_clear(SSL *s) s->client_version = s->version; s->rwstate = SSL_NOTHING; - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } - + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; ssl_clear_cipher_ctx(s); ssl_clear_hash_ctx(&s->read_hash); ssl_clear_hash_ctx(&s->write_hash); - s->first_packet = 0; /* @@ -547,14 +543,11 @@ void SSL_free(SSL *s) if (s->wbio != s->rbio) BIO_free_all(s->wbio); - if (s->init_buf != NULL) - BUF_MEM_free(s->init_buf); + BUF_MEM_free(s->init_buf); /* add extra stuff */ - if (s->cipher_list != NULL) - sk_SSL_CIPHER_free(s->cipher_list); - if (s->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(s->cipher_list_by_id); + sk_SSL_CIPHER_free(s->cipher_list); + sk_SSL_CIPHER_free(s->cipher_list_by_id); /* Make the next call work :-) */ if (s->session != NULL) { @@ -577,8 +570,7 @@ void SSL_free(SSL *s) OPENSSL_free(s->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); - if (s->tlsext_ocsp_ids) - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); + sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); OPENSSL_free(s->tlsext_ocsp_resp); OPENSSL_free(s->alpn_client_proto_list); #endif @@ -602,8 +594,7 @@ void SSL_free(SSL *s) #endif #ifndef OPENSSL_NO_SRTP - if (s->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); + sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); #endif OPENSSL_free(s); @@ -1499,8 +1490,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, sk_SSL_CIPHER_zero(sk); } - if (s->cert->ciphers_raw) - OPENSSL_free(s->cert->ciphers_raw); + OPENSSL_free(s->cert->ciphers_raw); s->cert->ciphers_raw = BUF_memdup(p, num); if (s->cert->ciphers_raw == NULL) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -1721,9 +1711,7 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned protos_len) { - if (ctx->alpn_client_proto_list) - OPENSSL_free(ctx->alpn_client_proto_list); - + OPENSSL_free(ctx->alpn_client_proto_list); ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); if (!ctx->alpn_client_proto_list) return 1; @@ -1741,9 +1729,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned protos_len) { - if (ssl->alpn_client_proto_list) - OPENSSL_free(ssl->alpn_client_proto_list); - + OPENSSL_free(ssl->alpn_client_proto_list); ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); if (!ssl->alpn_client_proto_list) return 1; @@ -2037,28 +2023,19 @@ void SSL_CTX_free(SSL_CTX *a) SSL_CTX_flush_sessions(a, 0); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); - - if (a->sessions != NULL) - lh_SSL_SESSION_free(a->sessions); - + lh_SSL_SESSION_free(a->sessions); X509_STORE_free(a->cert_store); - if (a->cipher_list != NULL) - sk_SSL_CIPHER_free(a->cipher_list); - if (a->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(a->cipher_list_by_id); + sk_SSL_CIPHER_free(a->cipher_list); + sk_SSL_CIPHER_free(a->cipher_list_by_id); ssl_cert_free(a->cert); sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); sk_X509_pop_free(a->extra_certs, X509_free); a->comp_methods = NULL; - #ifndef OPENSSL_NO_SRTP - if (a->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); + sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); #endif - #ifndef OPENSSL_NO_PSK - if (a->psk_identity_hint) - OPENSSL_free(a->psk_identity_hint); + OPENSSL_free(a->psk_identity_hint); #endif #ifndef OPENSSL_NO_SRP SSL_CTX_SRP_CTX_free(a); @@ -2070,13 +2047,10 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_EC - if (a->tlsext_ecpointformatlist) - OPENSSL_free(a->tlsext_ecpointformatlist); - if (a->tlsext_ellipticcurvelist) - OPENSSL_free(a->tlsext_ellipticcurvelist); -# endif /* OPENSSL_NO_EC */ - if (a->alpn_client_proto_list != NULL) - OPENSSL_free(a->alpn_client_proto_list); + OPENSSL_free(a->tlsext_ecpointformatlist); + OPENSSL_free(a->tlsext_ellipticcurvelist); +# endif + OPENSSL_free(a->alpn_client_proto_list); #endif OPENSSL_free(a); @@ -3259,8 +3233,7 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) SSL_R_DATA_LENGTH_TOO_LONG); return 0; } - if (ctx->psk_identity_hint != NULL) - OPENSSL_free(ctx->psk_identity_hint); + OPENSSL_free(ctx->psk_identity_hint); if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); if (ctx->psk_identity_hint == NULL) @@ -3282,8 +3255,7 @@ int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); return 0; } - if (s->session->psk_identity_hint != NULL) - OPENSSL_free(s->session->psk_identity_hint); + OPENSSL_free(s->session->psk_identity_hint); if (identity_hint != NULL) { s->session->psk_identity_hint = BUF_strdup(identity_hint); if (s->session->psk_identity_hint == NULL) diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index e4798e9316..305b185a4c 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -212,12 +212,10 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) } } - if (c->pkeys[i].privatekey != NULL) - EVP_PKEY_free(c->pkeys[i].privatekey); + EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); c->pkeys[i].privatekey = pkey; c->key = &(c->pkeys[i]); - c->valid = 0; return (1); } @@ -715,8 +713,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) } end: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index a376875803..1a00c38882 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -733,31 +733,23 @@ void SSL_SESSION_free(SSL_SESSION *ss) OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); ssl_sess_cert_free(ss->sess_cert); X509_free(ss->peer); - if (ss->ciphers != NULL) - sk_SSL_CIPHER_free(ss->ciphers); + sk_SSL_CIPHER_free(ss->ciphers); #ifndef OPENSSL_NO_TLSEXT - if (ss->tlsext_hostname != NULL) - OPENSSL_free(ss->tlsext_hostname); - if (ss->tlsext_tick != NULL) - OPENSSL_free(ss->tlsext_tick); + OPENSSL_free(ss->tlsext_hostname); + OPENSSL_free(ss->tlsext_tick); # ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; - if (ss->tlsext_ecpointformatlist != NULL) - OPENSSL_free(ss->tlsext_ecpointformatlist); + OPENSSL_free(ss->tlsext_ecpointformatlist); ss->tlsext_ellipticcurvelist_length = 0; - if (ss->tlsext_ellipticcurvelist != NULL) - OPENSSL_free(ss->tlsext_ellipticcurvelist); + OPENSSL_free(ss->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ #endif #ifndef OPENSSL_NO_PSK - if (ss->psk_identity_hint != NULL) - OPENSSL_free(ss->psk_identity_hint); - if (ss->psk_identity != NULL) - OPENSSL_free(ss->psk_identity); + OPENSSL_free(ss->psk_identity_hint); + OPENSSL_free(ss->psk_identity); #endif #ifndef OPENSSL_NO_SRP - if (ss->srp_username != NULL) - OPENSSL_free(ss->srp_username); + OPENSSL_free(ss->srp_username); #endif OPENSSL_clear_free(ss, sizeof(*ss)); } -- cgit v1.2.3