crypto/x509/t_x509.c: check i2d_X509_NAME() return value in X509_ocspid_print()

There is little reason for this call to fail, but there is also little
reason for not to check for it, and, since Coverity noticed
that the check is missing, just add it.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665420
References: https://github.com/openssl/project/issues/1432
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28647)

(cherry picked from commit d650e962d8f2d6ba57b2cd76ecd0c31906fd2d5a)

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 7d693669cd369aa1e0d4bbc1686b4b121717507e..d849e642ce8bd84c2284abe37e28eff799a74fcd 100644 (file)
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -219,7 +219,8 @@ int X509_ocspid_print(BIO *bp, X509 *x)
         goto err;
     if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
         goto err;
-    i2d_X509_NAME(subj, &dertmp);
+    if (i2d_X509_NAME(subj, &dertmp) < 0)
+        goto err;
 
     md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq);
     if (md == NULL)