--- ../openssl/crypto/ocsp/ocsp_ext_vjuga.c 2012-12-06 23:36:25.000000000 +0400 +++ ../openssl/crypto/ocsp/ocsp_ext.c 2012-12-06 23:37:26.000000000 +0400 @@ -335,7 +335,7 @@ if (val) memcpy(tmpval, val, len); else - RAND_pseudo_bytes(tmpval, len); + {if(RAND_pseudo_bytes(tmpval, len) < 0) goto err;} if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, &os, 0, X509V3_ADD_REPLACE)) goto err; --- ../openssl/crypto/ocsp/ocsp_srv_vjuga.c 2012-12-06 23:59:44.000000000 +0400 +++ ../openssl/crypto/ocsp/ocsp_srv.c 2012-12-07 00:00:51.000000000 +0400 @@ -211,6 +211,7 @@ { int i; OCSP_RESPID *rid; + int ret; if (!X509_check_private_key(signer, key)) { @@ -255,8 +256,12 @@ /* Right now, I think that not doing double hashing is the right thing. -- Richard Levitte */ + ret = OCSP_BASICRESP_sign(brsp, key, dgst, 0); - if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err; + if (!ret) + { + return 0; + } return 1; err: --- ../openssl/apps/ocsp_vjuga.c 2012-12-06 23:37:53.000000000 +0400 +++ ../openssl/apps/ocsp.c 2012-12-07 00:05:45.000000000 +0400 @@ -702,7 +702,13 @@ goto end; } - if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1); + if (req && add_nonce) + { + if(!OCSP_request_add1_nonce(req, NULL, -1)) + { + goto end; + } + } if (signfile) { @@ -1142,7 +1148,11 @@ OCSP_copy_nonce(bs, req); - OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); + if(!OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags)) + { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs); + goto end; + } *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); --- smime.orig.c 2012-12-05 01:39:10.000000000 +0400 +++ smime.c 2012-12-05 01:42:57.000000000 +0400 @@ -774,6 +774,7 @@ PEM_write_bio_PKCS7(out, p7); else { + int rv; if (to) BIO_printf(out, "To: %s\n", to); if (from) @@ -783,19 +784,25 @@ if (outformat == FORMAT_SMIME) { if (operation == SMIME_RESIGN) - SMIME_write_PKCS7(out, p7, indata, flags); + rv = SMIME_write_PKCS7(out, p7, indata, flags); else - SMIME_write_PKCS7(out, p7, in, flags); + rv = SMIME_write_PKCS7(out, p7, in, flags); } else if (outformat == FORMAT_PEM) - PEM_write_bio_PKCS7_stream(out, p7, in, flags); + rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags); else if (outformat == FORMAT_ASN1) - i2d_PKCS7_bio_stream(out,p7, in, flags); + rv = i2d_PKCS7_bio_stream(out,p7, in, flags); else { BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); goto end; } + if (rv == 0) + { + BIO_printf(bio_err, "Error writing PKCS#7"); + ret = 3; + goto end; + } } ret = 0; end: --- s_server_vjuga.c 2012-12-06 23:00:29.000000000 +0400 +++ s_server.c 2012-12-06 23:02:51.000000000 +0400 @@ -1678,7 +1678,11 @@ dh = dh2; } } - SSL_CTX_set_tmp_dh(ctx2,dh); + if(!SSL_CTX_set_tmp_dh(ctx2,dh)) + { + DH_free(dh); + goto end; + } } #endif DH_free(dh); @@ -1725,7 +1729,11 @@ } (void)BIO_flush(bio_s_out); - SSL_CTX_set_tmp_ecdh(ctx,ecdh); + if (!SSL_CTX_set_tmp_ecdh(ctx,ecdh)) + { + EC_KEY_free(ecdh); + goto end; + } #ifndef OPENSSL_NO_TLSEXT if (ctx2) SSL_CTX_set_tmp_ecdh(ctx2,ecdh); --- ../openssl/apps/ts_vjuga.c 2012-12-06 23:21:38.000000000 +0400 +++ ..//openssl/apps/ts.c 2012-12-06 23:22:35.000000000 +0400 @@ -432,6 +432,12 @@ else BIO_printf(bio_err, "error on line %ld of config file " "'%s'\n", errorline, configfile); + + if (conf) + { + NCONF_free(conf); + conf = NULL; + } } if (conf != NULL)