From 9e4497d1dd2a337be1f69e0cfb24ce8080690ccf Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 28 Nov 2018 09:16:29 -0500
Subject: [PATCH 4/4] Properly check all return values

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
 src/authority.c | 1 +
 src/service.c   | 1 +
 src/x509.c      | 1 +
 3 files changed, 3 insertions(+)

diff --git a/src/authority.c b/src/authority.c
index b735868416b7fb5d016f0854baf0f27cd5f98b26..4e0dccc6c1210beffb38acd9f7dfb6108ca4a4ad 100644
--- a/src/authority.c
+++ b/src/authority.c
@@ -178,10 +178,11 @@ create_private_CA (TALLOC_CTX *mem_ctx,
     }
   sk_X509_EXTENSION_push (ca_certinfo->extensions, ex);
 
   /* Finalize the CSR */
   ret = sscg_x509v3_csr_finalize (ca_certinfo, pkey, csr);
+  CHECK_OK (ret);
 
   if (options->verbosity >= SSCG_DEBUG)
     {
       fprintf (stderr, "DEBUG: Writing CA CSR to ./debug-ca.csr\n");
       BIO *ca_csr_out = BIO_new_file ("./debug-ca.csr", "w");
diff --git a/src/service.c b/src/service.c
index b292e94063f032fd3c34a8134702063ea46bfa0c..34c976dbe905528000b181c24d1fa95da3cd1377 100644
--- a/src/service.c
+++ b/src/service.c
@@ -124,10 +124,11 @@ create_service_cert (TALLOC_CTX *mem_ctx,
   ret = sscg_x509v3_csr_new (tmp_ctx, svc_certinfo, pkey, &csr);
   CHECK_OK (ret);
 
   /* Finalize the CSR */
   ret = sscg_x509v3_csr_finalize (svc_certinfo, pkey, csr);
+  CHECK_OK (ret);
 
   if (options->verbosity >= SSCG_DEBUG)
     {
       fprintf (stderr,
                "DEBUG: Writing service certificate CSR to ./debug-svc.csr\n");
diff --git a/src/x509.c b/src/x509.c
index 6d152fc969d745cc5cf085116c8688866f9d6ab4..18f0627bc64e7cb503a9e81c36dbe726186d1144 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -39,10 +39,11 @@ sscg_generate_serial (TALLOC_CTX *mem_ctx, struct sscg_bignum **serial)
     {
       return ENOMEM;
     }
 
   ret = sscg_init_bignum (tmp_ctx, 0, &bn);
+  CHECK_OK (ret);
 
   /* We'll create a random number of sizeof(unsigned long) - 1 bits
        to use as the serial. We use unsigned long to ensure that it
        could be printed by BN_get_word() later. We omit the last bit
        in order to ensure that we can't randomly get 0xffffffffL, which
-- 
2.19.1