crypto/x509/t_x509.c: check i2d_X509_NAME() return value in X509_ocspid_print()

There is little reason for this call to fail, but there is also little
reason for not to check for it, and, since Coverity noticed
that the check is missing, just add it.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665420
References: https://github.com/openssl/project/issues/1432
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28648)

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 192998d45332c961effbefa2193af80336b1784a..4490c51392136c5b9bf8c19c6b6dddca34de42c0 100644 (file)
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -247,7 +247,8 @@ int X509_ocspid_print(BIO *bp, X509 *x)
         goto err;
     if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
         goto err;
-    i2d_X509_NAME(subj, &dertmp);
+    if (i2d_X509_NAME(subj, &dertmp) < 0)
+        goto err;
 
     md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq);
     if (md == NULL)