fixup! fixup! Check returns of sk_POLICY_MAPPING_push, sk_GENERAL_NAM…

…E_push, sk_ACCESS_DESCRIPTION_push, sk_X509_push, sk_X509_NAME_push, sk_OPENSSL_CSTRING_push, sk_SCT_push, sk_DIST_POINT_push, sk_OSSL_CMP_CRLSTATUS_push, sk_ASN1_UTF8STRING_push and sk_ASN1_OBJECT_push and handle appropriately.
fwh-dc · Jan 3, 2025 · e7409b5 · e7409b5
1 parent 1ab14f6
commit e7409b5
Show file tree

Hide file tree

Showing 9 changed files with 22 additions and 44 deletions.
diff --git a/apps/cmp.c b/apps/cmp.c
@@ -1975,8 +1975,8 @@ static int add_certProfile(OSSL_CMP_CTX *ctx, const char *name)
         goto err;
     }
     /* Due to sk_ASN1_UTF8STRING_new_reserve(NULL, 1), this surely succeeds: */
-    if (!ossl_assert(sk_ASN1_UTF8STRING_push(sk, utf8string))
-        || (itav = OSSL_CMP_ITAV_new0_certProfile(sk)) == NULL)
+    (void)sk_ASN1_UTF8STRING_push(sk, utf8string);
+    if ((itav = OSSL_CMP_ITAV_new0_certProfile(sk)) == NULL)
         goto err;
     if (OSSL_CMP_CTX_push0_geninfo_ITAV(ctx, itav))
         return 1;

diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
@@ -665,12 +665,11 @@ static GENERAL_NAMES *gennames_new(const X509_NAME *nm)
 
     if ((names = sk_GENERAL_NAME_new_reserve(NULL, 1)) == NULL)
         return NULL;
-    if (!GENERAL_NAME_set1_X509_NAME(&name, nm)
-        /* sk_GENERAL_NAME_push() cannot fail */
-        || !ossl_assert(sk_GENERAL_NAME_push(names, name))) {
+    if (!GENERAL_NAME_set1_X509_NAME(&name, nm)) {
         sk_GENERAL_NAME_free(names);
         return NULL;
     }
+    (void)sk_GENERAL_NAME_push(names, name); /* cannot fail */
     return names;
 }
 

diff --git a/crypto/cmp/cmp_genm.c b/crypto/cmp/cmp_genm.c
@@ -371,9 +371,9 @@ int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert,
         ERR_raise(ERR_LIB_CMP, CMP_R_GENERATE_CRLSTATUS);
         goto end;
     }
+    (void)sk_OSSL_CMP_CRLSTATUS_push(list, status); /* cannot fail */
 
-    if (!ossl_assert(sk_OSSL_CMP_CRLSTATUS_push(list, status)) /* cannot fail */
-        || (req = OSSL_CMP_ITAV_new0_crlStatusList(list)) == NULL)
+    if ((req = OSSL_CMP_ITAV_new0_crlStatusList(list)) == NULL)
         goto end;
     status = NULL;
     list = NULL;

diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
@@ -264,10 +264,9 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
                 goto err;
             point = crldp_from_section(ctx, dpsect);
             X509V3_section_free(ctx, dpsect);
-            if (point == NULL
-                /* no failure as it was reserved */
-                || !ossl_assert(sk_DIST_POINT_push(crld, point)))
+            if (point == NULL)
                 goto err;
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
         } else {
             if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
                 goto err;
@@ -280,13 +279,11 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
                 goto err;
             }
             gen = NULL;
-            if ((point = DIST_POINT_new()) == NULL
-                /* no failure as it was reserved */
-                || !ossl_assert(sk_DIST_POINT_push(crld, point))) {
-                DIST_POINT_free(point);
+            if ((point = DIST_POINT_new()) == NULL) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
             if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;

diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.c
@@ -120,11 +120,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
                            "%s", extval);
             return NULL;
         }
-        if (!ossl_assert(sk_ASN1_OBJECT_push(extku, objtmp))) {
-            sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-            ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
-            return NULL;
-        }
+        sk_ASN1_OBJECT_push(extku, objtmp);  /* no failure as it was reserved */
     }
     return extku;
 }
diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c
@@ -121,9 +121,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
             ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
             goto err;
         }
-        /* Cannot fail due to reserve */
-        if (!ossl_assert(sk_ACCESS_DESCRIPTION_push(ainfo, acc)))
-            goto err;
+        sk_ACCESS_DESCRIPTION_push(ainfo, acc); /* Cannot fail due to reserve */
         ptmp = strchr(cnf->name, ';');
         if (ptmp == NULL) {
             ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SYNTAX);

diff --git a/crypto/x509/v3_pmaps.c b/crypto/x509/v3_pmaps.c
@@ -99,11 +99,7 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
         pmap->issuerDomainPolicy = obj1;
         pmap->subjectDomainPolicy = obj2;
         obj1 = obj2 = NULL;
-        /* no failure as it was reserved */
-        if (!ossl_assert(sk_POLICY_MAPPING_push(pmaps, pmap))) {
-            POLICY_MAPPING_free(pmap);
-            goto err;
-        }
+        sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */
     }
     return pmaps;
  err:

diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
@@ -320,10 +320,9 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
         } else {
             GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
 
-            if (gen == NULL
-                /* no failure as it was reserved */
-                || !ossl_assert(sk_GENERAL_NAME_push(gens, gen)))
+            if (gen == NULL)
                 goto err;
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
         }
     }
     return gens;
@@ -364,9 +363,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
 
     for (i = 0; i < num; i++) {
         gen = sk_GENERAL_NAME_value(ialt, i);
-        /* no failure as it was reserved */
-        if (!ossl_assert(sk_GENERAL_NAME_push(gens, gen)))
-            goto err;
+        sk_GENERAL_NAME_push(gens, gen);     /* no failure as it was reserved */
     }
     sk_GENERAL_NAME_free(ialt);
 
@@ -405,11 +402,9 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                 goto err;
         } else {
             GENERAL_NAME *gen;
-
-            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL
-                /* no failure as it was reserved */
-                || !ossl_assert(sk_GENERAL_NAME_push(gens, gen)))
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
                 goto err;
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
         }
     }
     return gens;
@@ -492,10 +487,9 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
 
     for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
-        if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL
-            /* no failure as it was reserved */
-            || !ossl_assert(sk_GENERAL_NAME_push(gens, gen)))
+        if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
             goto err;
+        sk_GENERAL_NAME_push(gens, gen);    /* no failure as it was reserved */
     }
     return gens;
  err:

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
@@ -566,14 +566,12 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
     }
     for (i = 0; i < num; i++) {
         name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
-        if (name == NULL
-                /* sk_X509_NAME_push() cannot fail after reserve call */
-                || !ossl_assert(sk_X509_NAME_push(ret, name))) {
+        if (name == NULL) {
             ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
             sk_X509_NAME_pop_free(ret, X509_NAME_free);
-            X509_NAME_free(name);
             return NULL;
         }
+        sk_X509_NAME_push(ret, name);   /* Cannot fail after reserve call */
     }
     return ret;
 }