several bug fixes due to coverity.

4 files changed, 11 insertions, 3 deletions

diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index bd2560dc78..e958b67425 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -855,7 +855,6 @@ gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret,
 		return GNUTLS_E_INVALID_REQUEST;
 	}
 
-
 	if (ret)
 		memset(ret, 0, *ret_size);
 	else
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 7ccdcc23bc..fa86bde000 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1473,6 +1473,7 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 					goto done;
 				}
 
+				/* fallthrough */
 			case GNUTLS_BAG_PKCS8_KEY:
 				if (*key != NULL) {	/* too simple to continue */
 					gnutls_assert();
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index d924ad4209..3b9ceb6c19 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -50,7 +50,11 @@ _gnutls_x509_get_tbs(ASN1_TYPE cert, const char *tbs_name,
 	int buf_size;
 
 	buf_size = 0;
-	asn1_der_coding(cert, tbs_name, NULL, &buf_size, NULL);
+	result = asn1_der_coding(cert, tbs_name, NULL, &buf_size, NULL);
+	if (result != ASN1_MEM_ERROR) {
+		gnutls_assert();
+		return _gnutls_asn2err(result);
+	}
 
 	buf = gnutls_malloc(buf_size);
 	if (buf == NULL) {
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 3c4c44c461..0122cf1e77 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2495,7 +2495,11 @@ gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
 	}
 
 	cert_buf_size = 0;
-	asn1_der_coding(cert->cert, "", NULL, &cert_buf_size, NULL);
+	result = asn1_der_coding(cert->cert, "", NULL, &cert_buf_size, NULL);
+	if (result != ASN1_MEM_ERROR) {
+		gnutls_assert();
+		return _gnutls_asn2err(result);
+	}
 
 	cert_buf = gnutls_malloc(cert_buf_size);
 	if (cert_buf == NULL) {