From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Mon, 15 Sep 2025 01:31:31 +0000 (+0200)
Subject: crypto/x509/t_x509.c: check i2d_X509_NAME() return value in X509_ocspid_print()
X-Git-Tag: openssl-3.3.5~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1676ac44be474836da3970458c00d48604ec4cac;p=thirdparty%2Fopenssl.git

crypto/x509/t_x509.c: check i2d_X509_NAME() return value in X509_ocspid_print()

There is little reason for this call to fail, but there is also little
reason for not to check for it, and, since Coverity noticed
that the check is missing, just add it.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665420
References: https://github.com/openssl/project/issues/1432
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28648)

(cherry picked from commit 19b3dcbbc28ca3269abe1b4a4213325ba07fa18f)
---

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 192998d4533..4490c513921 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -247,7 +247,8 @@ int X509_ocspid_print(BIO *bp, X509 *x)
         goto err;
     if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
         goto err;
-    i2d_X509_NAME(subj, &dertmp);
+    if (i2d_X509_NAME(subj, &dertmp) < 0)
+        goto err;
 
     md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq);
     if (md == NULL)