From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 6 Jun 2024 13:36:00 +0000 (+0200)
Subject: ASN1_item_verify_ctx(): Return -1 on fatal errors
X-Git-Tag: openssl-3.1.7~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae1e12ef1d94cb34e58722b19e8242ded1457269;p=thirdparty%2Fopenssl.git

ASN1_item_verify_ctx(): Return -1 on fatal errors

Fixes #24575

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24576)

(cherry picked from commit 8d380f85da215012570347f156e642d69909877a)
---

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 9bf9bdd14ec..c74b37e6974 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -203,10 +203,12 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
     inl = ASN1_item_i2d(data, &buf_in, it);
     if (inl <= 0) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
+        ret = -1;
         goto err;
     }
     if (buf_in == NULL) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+        ret = -1;
         goto err;
     }
     inll = inl;