diff options
Diffstat (limited to 'third_party/heimdal/lib/hx509/ca.c')
| -rw-r--r-- | third_party/heimdal/lib/hx509/ca.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/third_party/heimdal/lib/hx509/ca.c b/third_party/heimdal/lib/hx509/ca.c index 807621c21d1..3d62b93fa57 100644 --- a/third_party/heimdal/lib/hx509/ca.c +++ b/third_party/heimdal/lib/hx509/ca.c @@ -2353,7 +2353,6 @@ count_sans(hx509_request req, size_t *n) for (i = 0; ret == 0; i++) { hx509_san_type san_type; - frees(&s); ret = hx509_request_get_san(req, i, &san_type, &s); if (ret) break; @@ -2370,6 +2369,7 @@ count_sans(hx509_request req, size_t *n) } frees(&s); } + free(s); return ret == HX509_NO_ITEM ? 0 : ret; } @@ -2565,9 +2565,9 @@ get_cf(hx509_context context, } *out = heim_config_get_list(context->hcontext, cf, label, svc, NULL); - if (*out) + if (*out) { ret = 0; - if (ret) { + } else { heim_log_msg(context->hcontext, logf, 3, NULL, "No configuration for %s %s certificate's realm " "-> %s -> kx509 -> %s%s%s", def, label, realm, label, @@ -2741,7 +2741,8 @@ set_tbs(hx509_context context, realm); /* Populate requested certificate extensions from CSR/CSRPlus if allowed */ - ret = hx509_ca_tbs_set_from_csr(context, tbs, req); + if (ret == 0) + ret = hx509_ca_tbs_set_from_csr(context, tbs, req); if (ret == 0) ret = set_template(context, logf, cf, tbs); @@ -2939,6 +2940,8 @@ _hx509_ca_issue_certificate(hx509_context context, hx509_request_authorize_ku(req, ku); ret = get_cf(context, cf, logf, req, cprinc, &cf); + if (ret) + return ret; if ((ca = heim_config_get_string(context->hcontext, cf, "ca", NULL)) == NULL) { @@ -3050,9 +3053,8 @@ _hx509_ca_issue_certificate(hx509_context context, hx509_env_free(&env); /* All done with the TBS, sign/issue the certificate */ - ret = hx509_ca_sign(context, tbs, signer, &cert); - if (ret) - goto out; + if (ret == 0) + ret = hx509_ca_sign(context, tbs, signer, &cert); /* * Gather the certificate and chain into a MEMORY store, being careful not @@ -3063,8 +3065,9 @@ _hx509_ca_issue_certificate(hx509_context context, * the full chain in the issuer credential store and copying only the certs * (but not the private keys) is safer and easier to configure. */ - ret = hx509_certs_init(context, "MEMORY:certs", - HX509_CERTS_NO_PRIVATE_KEYS, NULL, out); + if (ret == 0) + ret = hx509_certs_init(context, "MEMORY:certs", + HX509_CERTS_NO_PRIVATE_KEYS, NULL, out); if (ret == 0) ret = hx509_certs_add(context, *out, cert); if (ret == 0 && send_chain) { |