free NULL cleanup 8

Do not check for NULL before calling a free routine.  This addresses:
    ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free
    ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free
    ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free
    ASN1_UTCTIME_free M_ASN1_free_of
Reviewed-by: NRichard Levitte <levitte@openssl.org>

apps/apps.c

@@ -1414,8 +1414,7 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
     }
  err:
     BIO_free(in);
-    if (ai != NULL)
-        ASN1_INTEGER_free(ai);
+    ASN1_INTEGER_free(ai);
     return (ret);
 }
 
@@ -1468,8 +1467,7 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
     }
  err:
     BIO_free_all(out);
-    if (ai != NULL)
-        ASN1_INTEGER_free(ai);
+    ASN1_INTEGER_free(ai);
     return (ret);
 }
 

apps/asn1pars.c

@@ -327,8 +327,7 @@ int asn1parse_main(int argc, char **argv)
         OPENSSL_free(header);
     if (strictpem && str != NULL)
         OPENSSL_free(str);
-    if (at != NULL)
-        ASN1_TYPE_free(at);
+    ASN1_TYPE_free(at);
     if (osk != NULL)
         sk_OPENSSL_STRING_free(osk);
     OBJ_cleanup();

apps/ca.c

@@ -2033,8 +2033,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         X509_NAME_free(subject);
     if ((dn_subject != NULL) && !email_dn)
         X509_NAME_free(dn_subject);
-    if (tmptm != NULL)
-        ASN1_UTCTIME_free(tmptm);
+    ASN1_UTCTIME_free(tmptm);
     if (ok <= 0) {
         if (ret != NULL)
             X509_free(ret);
@@ -2740,6 +2739,8 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
             }
             if (phold)
                 *phold = hold;
+            else
+                ASN1_OBJECT_free(hold);
         } else if ((reason_code == 9) || (reason_code == 10)) {
             if (!arg_str) {
                 BIO_printf(bio_err, "missing compromised time\n");
@@ -2763,10 +2764,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 
     if (preason)
         *preason = reason_code;
-    if (pinvtm)
+    if (pinvtm) {
         *pinvtm = comp_time;
-    else
-        ASN1_GENERALIZEDTIME_free(comp_time);
+        comp_time = NULL;
+    }
 
     ret = 1;
 
@@ -2774,10 +2775,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 
     if (tmp)
         OPENSSL_free(tmp);
-    if (!phold)
-        ASN1_OBJECT_free(hold);
-    if (!pinvtm)
-        ASN1_GENERALIZEDTIME_free(comp_time);
+    ASN1_GENERALIZEDTIME_free(comp_time);
 
     return ret;
 }

crypto/asn1/a_object.c

@@ -339,7 +339,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     return (ret);
  err:
     ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+    if ((a == NULL) || (*a != ret))
         ASN1_OBJECT_free(ret);
     return (NULL);
 }

crypto/asn1/asn1_gen.c

@@ -513,8 +513,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
     if (der)
         OPENSSL_free(der);
 
-    if (sk)
-        sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+    sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
     if (sect)
         X509V3_section_free(cnf, sect);
 

crypto/asn1/tasn_prn.c

@@ -100,7 +100,8 @@ ASN1_PCTX *ASN1_PCTX_new(void)
 
 void ASN1_PCTX_free(ASN1_PCTX *p)
 {
-    OPENSSL_free(p);
+    if (p)
+        OPENSSL_free(p);
 }
 
 unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p)

crypto/asn1/tasn_scn.c

@@ -86,7 +86,8 @@ ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx))
 
 void ASN1_SCTX_free(ASN1_SCTX *p)
 {
-    OPENSSL_free(p);
+    if (p)
+        OPENSSL_free(p);
 }
 
 const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p)

crypto/asn1/x_algor.c

@@ -92,10 +92,8 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
     if (ptype == 0)
         return 1;
     if (ptype == V_ASN1_UNDEF) {
-        if (alg->parameter) {
-            ASN1_TYPE_free(alg->parameter);
-            alg->parameter = NULL;
-        }
+        ASN1_TYPE_free(alg->parameter);
+        alg->parameter = NULL;
     } else
         ASN1_TYPE_set(alg->parameter, ptype, pval);
     return 1;

crypto/asn1/x_x509a.c

@@ -178,7 +178,7 @@ int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 
 void X509_trust_clear(X509 *x)
 {
-    if (x->aux && x->aux->trust) {
+    if (x->aux) {
         sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
         x->aux->trust = NULL;
     }
@@ -186,7 +186,7 @@ void X509_trust_clear(X509 *x)
 
 void X509_reject_clear(X509 *x)
 {
-    if (x->aux && x->aux->reject) {
+    if (x->aux) {
         sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
         x->aux->reject = NULL;
     }

crypto/cms/cms_env.c

@@ -277,8 +277,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
  merr:
     CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
  err:
-    if (ri)
-        M_ASN1_free_of(ri, CMS_RecipientInfo);
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
     EVP_PKEY_free(pk);
     return NULL;
 
@@ -616,8 +615,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
  merr:
     CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
  err:
-    if (ri)
-        M_ASN1_free_of(ri, CMS_RecipientInfo);
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
     return NULL;
 
 }

crypto/cms/cms_ess.c

@@ -340,8 +340,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
  err:
     if (rr)
         CMS_ReceiptRequest_free(rr);
-    if (rct)
-        M_ASN1_free_of(rct, CMS_Receipt);
+    M_ASN1_free_of(rct, CMS_Receipt);
 
     return r;
 

crypto/cms/cms_lib.c

@@ -314,10 +314,8 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
     if (!pos)
         return 0;
     if (detached) {
-        if (*pos) {
-            ASN1_OCTET_STRING_free(*pos);
-            *pos = NULL;
-        }
+        ASN1_OCTET_STRING_free(*pos);
+        *pos = NULL;
         return 1;
     }
     if (!*pos)
@@ -605,13 +603,11 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
         goto err;
     if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
         goto err;
-    if (*pias)
-        M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+    M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
     *pias = ias;
     return 1;
  err:
-    if (ias)
-        M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+    M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
     CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
     return 0;
 }
@@ -629,8 +625,7 @@ int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
         CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    if (*pkeyid)
-        ASN1_OCTET_STRING_free(*pkeyid);
+    ASN1_OCTET_STRING_free(*pkeyid);
     *pkeyid = keyid;
     return 1;
 }

crypto/cms/cms_sd.c

@@ -404,8 +404,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
  merr:
     CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
  err:
-    if (si)
-        M_ASN1_free_of(si, CMS_SignerInfo);
+    M_ASN1_free_of(si, CMS_SignerInfo);
     return NULL;
 
 }
@@ -904,8 +903,7 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
     }
     alg = X509_ALGOR_new();
     if (!alg) {
-        if (key)
-            ASN1_INTEGER_free(key);
+        ASN1_INTEGER_free(key);
         return 0;
     }
 

crypto/dh/dh_ameth.c

@@ -140,8 +140,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
     return 1;
 
  err:
-    if (public_key)
-        ASN1_INTEGER_free(public_key);
+    ASN1_INTEGER_free(public_key);
     DH_free(dh);
     return 0;
 
@@ -296,8 +295,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     if (dp != NULL)
         OPENSSL_free(dp);
     ASN1_STRING_free(params);
-    if (prkey != NULL)
-        ASN1_STRING_clear_free(prkey);
+    ASN1_STRING_clear_free(prkey);
     return 0;
 }
 
@@ -706,8 +704,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
     if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
         rv = 1;
  err:
-    if (public_key)
-        ASN1_INTEGER_free(public_key);
+    ASN1_INTEGER_free(public_key);
     EVP_PKEY_free(pkpeer);
     DH_free(dhpeer);
     return rv;

crypto/dsa/dsa_ameth.c

@@ -118,8 +118,7 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
     return 1;
 
  err:
-    if (public_key)
-        ASN1_INTEGER_free(public_key);
+    ASN1_INTEGER_free(public_key);
     DSA_free(dsa);
     return 0;
 
@@ -279,8 +278,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
     DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
  dsaerr:
     BN_CTX_free(ctx);
-    if (privkey)
-        ASN1_STRING_clear_free(privkey);
+    ASN1_STRING_clear_free(privkey);
     sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
     DSA_free(dsa);
     return 0;
@@ -334,8 +332,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     if (dp != NULL)
         OPENSSL_free(dp);
     ASN1_STRING_free(params);
-    if (prkey != NULL)
-        ASN1_STRING_clear_free(prkey);
+    ASN1_STRING_clear_free(prkey);
     return 0;
 }
 

crypto/ec/ec_asn1.c

@@ -318,8 +318,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
 
     /* clear the old values (if necessary) */
     ASN1_OBJECT_free(field->fieldType);
-    if (field->p.other != NULL)
-        ASN1_TYPE_free(field->p.other);
+    ASN1_TYPE_free(field->p.other);
 
     nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
     /* set OID for the field */
@@ -519,10 +518,8 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
             goto err;
         }
     } else {
-        if (curve->seed) {
-            ASN1_BIT_STRING_free(curve->seed);
-            curve->seed = NULL;
-        }
+        ASN1_BIT_STRING_free(curve->seed);
+        curve->seed = NULL;
     }
 
     ok = 1;

crypto/ocsp/ocsp_ext.c

@@ -460,8 +460,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
     }
     x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
  err:
-    if (sk)
-        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+    sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
     return x;
 }
 
@@ -477,8 +476,7 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
         goto err;
     x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
  err:
-    if (gt)
-        ASN1_GENERALIZEDTIME_free(gt);
+    ASN1_GENERALIZEDTIME_free(gt);
     return x;
 }
 

crypto/pkcs12/p12_decr.c

@@ -194,7 +194,6 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
     OPENSSL_free(in);
     return oct;
  err:
-    if (oct)
-        ASN1_OCTET_STRING_free(oct);
+    ASN1_OCTET_STRING_free(oct);
     return NULL;
 }

crypto/ts/ts_rsp_sign.c

@@ -225,8 +225,7 @@ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
 
 int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
 {
-    if (ctx->default_policy)
-        ASN1_OBJECT_free(ctx->default_policy);
+    ASN1_OBJECT_free(ctx->default_policy);
     if (!(ctx->default_policy = OBJ_dup(def_policy)))
         goto err;
     return 1;

crypto/x509/x509_vpm.c

@@ -144,15 +144,11 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
     param->inh_flags = 0;
     param->flags = 0;
     param->depth = -1;
-    if (param->policies) {
-        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-        param->policies = NULL;
-    }
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+    param->policies = NULL;
     paramid = param->id;
-    if (paramid->hosts) {
-        string_stack_free(paramid->hosts);
-        paramid->hosts = NULL;
-    }
+    string_stack_free(paramid->hosts);
+    paramid->hosts = NULL;
     if (paramid->peername)
         OPENSSL_free(paramid->peername);
     if (paramid->email) {
@@ -426,10 +422,10 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 {
     int i;
     ASN1_OBJECT *oid, *doid;
+
     if (!param)
         return 0;
-    if (param->policies)
-        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
 
     if (!policies) {
         param->policies = NULL;

crypto/x509/x_attrib.c

@@ -100,7 +100,6 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
  err:
     if (ret != NULL)
         X509_ATTRIBUTE_free(ret);
-    if (val != NULL)
-        ASN1_TYPE_free(val);
+    ASN1_TYPE_free(val);
     return (NULL);
 }

crypto/x509v3/pcy_cache.c

@@ -209,8 +209,7 @@ static int policy_cache_new(X509 *x)
     if (ext_pcons)
         POLICY_CONSTRAINTS_free(ext_pcons);
 
-    if (ext_any)
-        ASN1_INTEGER_free(ext_any);
+    ASN1_INTEGER_free(ext_any);
 
     return 1;
 

crypto/x509v3/v3_pci.c

@@ -306,18 +306,12 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
     goto end;
  err:
     ASN1_OBJECT_free(language);
-    if (pathlen) {
-        ASN1_INTEGER_free(pathlen);
-        pathlen = NULL;
-    }
-    if (policy) {
-        ASN1_OCTET_STRING_free(policy);
-        policy = NULL;
-    }
-    if (pci) {
-        PROXY_CERT_INFO_EXTENSION_free(pci);
-        pci = NULL;
-    }
+    ASN1_INTEGER_free(pathlen);
+    pathlen = NULL;
+    ASN1_OCTET_STRING_free(policy);
+    policy = NULL;
+    PROXY_CERT_INFO_EXTENSION_free(pci);
+    pci = NULL;
  end:
     sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
     return pci;

crypto/x509v3/v3_utl.c

@@ -1110,8 +1110,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
  err:
     if (iptmp)
         OPENSSL_free(iptmp);
-    if (ret)
-        ASN1_OCTET_STRING_free(ret);
+    ASN1_OCTET_STRING_free(ret);
     return NULL;
 }