From 61b66ffcc29f28900db4b037865a2206eb62242e Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Fri, 25 Jul 2014 03:58:53 -0400
Subject: [PATCH] Fix error-handling bugs.

Caught by clang scan-build.

Change-Id: I133d0338fe38172d687c02099d909366a59ee95b
Reviewed-on: https://boringssl-review.googlesource.com/1343
Reviewed-by: Adam Langley <agl@google.com>
---
 crypto/rsa/padding.c  |  9 +++++----
 crypto/x509/x509_lu.c | 39 ++++++++++++++++++---------------------
 ssl/ssl_lib.c         |  4 ++--
 3 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c
index c7b088fb..b422bb87 100644
--- a/crypto/rsa/padding.c
+++ b/crypto/rsa/padding.c
@@ -474,28 +474,28 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen,
   if (db == NULL) {
     OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_OAEP_mgf1,
                       ERR_R_MALLOC_FAILURE);
-    return -1;
+    goto err;
   }
 
   maskedseed = from + 1;
   maskeddb = from + 1 + mdlen;
 
   if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) {
-    return -1;
+    goto err;
   }
   for (i = 0; i < mdlen; i++) {
     seed[i] ^= maskedseed[i];
   }
 
   if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) {
-    return -1;
+    goto err;
   }
   for (i = 0; i < dblen; i++) {
     db[i] ^= maskeddb[i];
   }
 
   if (!EVP_Digest((void *)param, plen, phash, NULL, md, NULL)) {
-    return -1;
+    goto err;
   }
 
   bad = CRYPTO_memcmp(db, phash, mdlen);
@@ -536,6 +536,7 @@ decoding_err:
    * which kind of decoding error happened */
   OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_OAEP_mgf1,
                     RSA_R_OAEP_DECODING_ERROR);
+ err:
   if (db != NULL) {
     OPENSSL_free(db);
   }
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 3cf2d816..63b81c37 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -181,34 +181,31 @@ X509_STORE *X509_STORE_new(void)
 
 	if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
 		return NULL;
+	memset(ret, 0, sizeof(*ret));
 	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
-	ret->cache=1;
-	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
-	ret->verify=0;
-	ret->verify_cb=0;
+	ret->cache = 1;
+	ret->get_cert_methods = sk_X509_LOOKUP_new_null();
 
 	if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
-		return NULL;
-
-	ret->get_issuer = 0;
-	ret->check_issued = 0;
-	ret->check_revocation = 0;
-	ret->get_crl = 0;
-	ret->check_crl = 0;
-	ret->cert_crl = 0;
-	ret->lookup_certs = 0;
-	ret->lookup_crls = 0;
-	ret->cleanup = 0;
+		goto err;
 
 	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
-		{
-		sk_X509_OBJECT_free(ret->objs);
-		OPENSSL_free(ret);
-		return NULL;
-		}
+		goto err;
 
-	ret->references=1;
+	ret->references = 1;
 	return ret;
+err:
+	if (ret)
+		{
+		if (ret->param)
+			X509_VERIFY_PARAM_free(ret->param);
+		if (ret->get_cert_methods)
+			sk_X509_LOOKUP_free(ret->get_cert_methods);
+		if (ret->objs)
+			sk_X509_OBJECT_free(ret->objs);
+		OPENSSL_free(ret);
+		}
+	return NULL;
 	}
 
 static void cleanup(X509_OBJECT *a)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c26fca98..0acf3d32 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -558,7 +558,7 @@ ssl_cipher_preference_list_dup(
 	return ret;
 
 err:
-	if (ret->ciphers)
+	if (ret && ret->ciphers)
 		sk_SSL_CIPHER_free(ret->ciphers);
 	if (ret)
 		OPENSSL_free(ret);
@@ -586,7 +586,7 @@ ssl_cipher_preference_list_from_ciphers(STACK_OF(SSL_CIPHER) *ciphers)
 	return ret;
 
 err:
-	if (ret->ciphers)
+	if (ret && ret->ciphers)
 		sk_SSL_CIPHER_free(ret->ciphers);
 	if (ret)
 		OPENSSL_free(ret);