10 files changed, 42 insertions, 13 deletions

diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index d678d9998a..f5ca099c60 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -301,6 +301,11 @@ _gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data,
   gnutls_datum_t tdata;
 
   _gnutls_buffer_pop_datum (str, &tdata, *req_size);
+  if (tdata->data == NULL)
+    {
+      *req_size = 0;
+      return;
+    }
 
   *req_size = tdata.size;
   memcpy (data, tdata.data, tdata.size);
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 780d33fb3f..09e3234f42 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -183,7 +183,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * o
 ecc_cleanup:
         ecc_point_clear(&ecc_pub);
         ecc_scalar_clear(&ecc_priv);
-
+        if (ret < 0) goto cleanup;
         break;
       }
     default:
diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
index 86708c14db..fd43982c66 100644
--- a/lib/opencdk/keydb.c
+++ b/lib/opencdk/keydb.c
@@ -268,8 +268,6 @@ keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
           *r_off = idx->offset;
           break;
         }
-      cdk_free (idx);
-      idx = NULL;
     }
   cdk_free (idx);
   return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF;
@@ -818,6 +816,9 @@ keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
 void
 cdk_keydb_search_release (cdk_keydb_search_t st)
 {
+  if (st == NULL)
+    return;
+
   keydb_cache_free (st->cache);
 
   if (st->idx)
@@ -2211,13 +2212,27 @@ _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id)
     }
 
   check = 0;
-  cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
+  rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
+  if (rc)
+    {
+      cdk_kbnode_release (knode);
+      gnutls_assert ();
+      return rc;
+    }
+
   if (unode && find_by_keyid (unode, st))
     check++;
   cdk_keydb_search_release (st);
   cdk_kbnode_release (unode);
 
-  cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
+  rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
+  if (rc)
+    {
+      cdk_kbnode_release (knode);
+      gnutls_assert ();
+      return rc;
+    }
+
   if (knode && find_by_pattern (knode, st))
     check++;
   cdk_keydb_search_release (st);
diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c
index e2543ee196..78f27421ac 100644
--- a/lib/opencdk/sig-check.c
+++ b/lib/opencdk/sig-check.c
@@ -498,7 +498,7 @@ cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status)
   u32 keyid;
   int key_status, is_selfsig = 0;
   struct verify_uid *uid_list = NULL;
-  char *uid_name;
+  char *uid_name = NULL;
 
   if (!key || !r_status)
     {
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 6dc5b1494a..ee8478dc99 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -969,7 +969,7 @@ _gnutls_x509_decode_string (unsigned int etype,
 {
   int ret;
   const uint8_t *str;
-  unsigned int str_size;
+  unsigned int str_size, len;
   gnutls_datum_t td;
   
   ret = asn1_decode_simple_der (etype, der, der_size, &str, &str_size);
@@ -1003,7 +1003,12 @@ _gnutls_x509_decode_string (unsigned int etype,
   /* Refuse to deal with strings containing NULs. */
   if (etype != ASN1_ETYPE_OCTET_STRING)
     {
-      if (strlen ((void*)output->data) != (size_t)output->size)
+      if (output->data)
+        len = strlen ((void*)output->data);
+      else
+        len = 0;
+
+      if (len != (size_t)output->size)
         {
           _gnutls_free_datum(output);
           ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index 623a402855..7408e54f39 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -227,7 +227,7 @@ cleanup:
   for (i=0;i<pcrt_list_size;i++)
     {
       gnutls_pkcs11_obj_deinit(pcrt_list[i]);
-      gnutls_x509_crt_deinit(xcrt_list[i]);
+      if (xcrt_list) gnutls_x509_crt_deinit(xcrt_list[i]);
     }
   gnutls_free(pcrt_list);
   gnutls_free(xcrt_list);
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index e146878abf..cb8289e36b 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1004,15 +1004,15 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
       }
   }
   
-  if (gnutls_x509_crl_get_this_update (crl) > now)
+  if (gnutls_x509_crl_get_this_update (crl) > now && verify)
     *verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE;
     
-  if (gnutls_x509_crl_get_next_update (crl) < now)
+  if (gnutls_x509_crl_get_next_update (crl) < now && verify)
     *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED;
 
 
 cleanup:
-  if (*verify) *verify |= GNUTLS_CERT_INVALID;
+  if (verify) *verify |= GNUTLS_CERT_INVALID;
 
   _gnutls_free_datum (&crl_signed_data);
   _gnutls_free_datum (&crl_signature);
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 75806e7a79..f8d378285d 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -1299,7 +1299,8 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
             }
 
           /* null terminate it */
-          ((char *) name)[*name_size] = 0;
+          if (name)
+            ((char *) name)[*name_size] = 0;
         }
 
     }
diff --git a/lib/xssl.c b/lib/xssl.c
index 61555591d8..0c897d492b 100644
--- a/lib/xssl.c
+++ b/lib/xssl.c
@@ -192,6 +192,7 @@ xssl_cred_t cred;
               gnutls_certificate_set_pin_function(cred->xcred, aux[i].i1.pin_fn,
                                                   aux[i].i2.udata);
             }
+          else ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
           if (ret < 0)
             {
@@ -239,6 +240,7 @@ xssl_cred_t cred;
                   goto fail1;
                 }
               memcpy(cred->tofu_file, aux[i].i1.file, len+1);
+              ret = 0;
             }
           else
             ret = GNUTLS_E_INVALID_REQUEST;
diff --git a/libdane/dane.c b/libdane/dane.c
index b8869d9e2b..50671c755f 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -403,6 +403,7 @@ int ret;
 
 cleanup:
 	free(out->data);
+	out->data = NULL;
 clean_certs:
 	if (pub)
 		gnutls_pubkey_deinit(pub);