From e5a5e3f3db5832f7ba4eff8016bad00f37dada58 Mon Sep 17 00:00:00 2001
From: FdaSilvaYY <fdasilvayy@gmail.com>
Date: Sun, 14 Feb 2016 10:42:29 +0100
Subject: Add checks on CRYPTO_set_ex_data return value Fix possible leak in
 danetest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
---
 test/danetest.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'test/danetest.c')

diff --git a/test/danetest.c b/test/danetest.c
index d914c45d05..d473b12689 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -74,7 +74,7 @@ static void print_errors(void)
 
 static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
 {
-    int ret;
+    int ret = -1;
     X509_STORE_CTX *store_ctx;
     SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl);
     X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
@@ -85,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
         return -1;
 
     if (!X509_STORE_CTX_init(store_ctx, store, cert, chain))
-        return 0;
-    X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl);
+        goto end;
+    if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl))
+        goto end;
 
     X509_STORE_CTX_set_default(store_ctx,
             SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
@@ -101,6 +102,7 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
 
     SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
     X509_STORE_CTX_cleanup(store_ctx);
+end:
     X509_STORE_CTX_free(store_ctx);
 
     return (ret);
-- 
cgit v1.2.3