64 lines
2.2 KiB
Diff
64 lines
2.2 KiB
Diff
From 9e4497d1dd2a337be1f69e0cfb24ce8080690ccf Mon Sep 17 00:00:00 2001
|
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
Date: Wed, 28 Nov 2018 09:16:29 -0500
|
|
Subject: [PATCH 4/4] Properly check all return values
|
|
|
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
---
|
|
src/authority.c | 1 +
|
|
src/service.c | 1 +
|
|
src/x509.c | 1 +
|
|
3 files changed, 3 insertions(+)
|
|
|
|
diff --git a/src/authority.c b/src/authority.c
|
|
index b735868416b7fb5d016f0854baf0f27cd5f98b26..4e0dccc6c1210beffb38acd9f7dfb6108ca4a4ad 100644
|
|
--- a/src/authority.c
|
|
+++ b/src/authority.c
|
|
@@ -178,10 +178,11 @@ create_private_CA (TALLOC_CTX *mem_ctx,
|
|
}
|
|
sk_X509_EXTENSION_push (ca_certinfo->extensions, ex);
|
|
|
|
/* Finalize the CSR */
|
|
ret = sscg_x509v3_csr_finalize (ca_certinfo, pkey, csr);
|
|
+ CHECK_OK (ret);
|
|
|
|
if (options->verbosity >= SSCG_DEBUG)
|
|
{
|
|
fprintf (stderr, "DEBUG: Writing CA CSR to ./debug-ca.csr\n");
|
|
BIO *ca_csr_out = BIO_new_file ("./debug-ca.csr", "w");
|
|
diff --git a/src/service.c b/src/service.c
|
|
index b292e94063f032fd3c34a8134702063ea46bfa0c..34c976dbe905528000b181c24d1fa95da3cd1377 100644
|
|
--- a/src/service.c
|
|
+++ b/src/service.c
|
|
@@ -124,10 +124,11 @@ create_service_cert (TALLOC_CTX *mem_ctx,
|
|
ret = sscg_x509v3_csr_new (tmp_ctx, svc_certinfo, pkey, &csr);
|
|
CHECK_OK (ret);
|
|
|
|
/* Finalize the CSR */
|
|
ret = sscg_x509v3_csr_finalize (svc_certinfo, pkey, csr);
|
|
+ CHECK_OK (ret);
|
|
|
|
if (options->verbosity >= SSCG_DEBUG)
|
|
{
|
|
fprintf (stderr,
|
|
"DEBUG: Writing service certificate CSR to ./debug-svc.csr\n");
|
|
diff --git a/src/x509.c b/src/x509.c
|
|
index 6d152fc969d745cc5cf085116c8688866f9d6ab4..18f0627bc64e7cb503a9e81c36dbe726186d1144 100644
|
|
--- a/src/x509.c
|
|
+++ b/src/x509.c
|
|
@@ -39,10 +39,11 @@ sscg_generate_serial (TALLOC_CTX *mem_ctx, struct sscg_bignum **serial)
|
|
{
|
|
return ENOMEM;
|
|
}
|
|
|
|
ret = sscg_init_bignum (tmp_ctx, 0, &bn);
|
|
+ CHECK_OK (ret);
|
|
|
|
/* We'll create a random number of sizeof(unsigned long) - 1 bits
|
|
to use as the serial. We use unsigned long to ensure that it
|
|
could be printed by BN_get_word() later. We omit the last bit
|
|
in order to ensure that we can't randomly get 0xffffffffL, which
|
|
--
|
|
2.19.1
|
|
|