crypto/x509/t_x509.c: check i2d_X509_NAME() return value in X509_ocspid_print()

There is little reason for this call to fail, but there is also little
reason for not to check for it, and, since Coverity noticed
that the check is missing, just add it.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665420
References: https://github.com/openssl/project/issues/1432
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28649)

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 5b0282bc132fa00cfcb164c101564d7b731ada33..3b75780b5d20bb2c670a842269e332afcb18eb94 100644 (file)
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -243,7 +243,8 @@ int X509_ocspid_print(BIO *bp, X509 *x)
         goto err;
     if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
         goto err;
-    i2d_X509_NAME(subj, &dertmp);
+    if (i2d_X509_NAME(subj, &dertmp) < 0)
+        goto err;
 
     md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq);
     if (md == NULL)