diff options
| author | mrpre <mrpre@163.com> | 2015-08-29 04:26:39 +0200 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-09-05 23:25:10 +0200 |
| commit | ecdaa1aefd30a3624624a28139a1e78e17993725 (patch) | |
| tree | 136c09b67c0b621452a39a92f366364377c8aed1 | |
| parent | RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check (diff) | |
| download | openssl-ecdaa1aefd30a3624624a28139a1e78e17993725.tar.xz openssl-ecdaa1aefd30a3624624a28139a1e78e17993725.zip | |
In X509_STORE_CTX_init, cleanup on failure
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
| -rw-r--r-- | crypto/x509/x509_vfy.c | 60 |
1 files changed, 33 insertions, 27 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 2b2d5ada3d..9cecde75cd 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2286,6 +2286,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { int ret = 1; + ctx->ctx = store; ctx->current_method = 0; ctx->cert = x509; @@ -2306,37 +2307,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->tree = NULL; ctx->parent = NULL; - ctx->param = X509_VERIFY_PARAM_new(); - - if (!ctx->param) { - X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); - return 0; - } - - /* - * Inherit callbacks and flags from X509_STORE if not set use defaults. - */ - - if (store) - ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); - else - ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; - if (store) { ctx->verify_cb = store->verify_cb; ctx->cleanup = store->cleanup; } else ctx->cleanup = 0; - if (ret) - ret = X509_VERIFY_PARAM_inherit(ctx->param, - X509_VERIFY_PARAM_lookup("default")); - - if (ret == 0) { - X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); - return 0; - } - if (store && store->check_issued) ctx->check_issued = store->check_issued; else @@ -2390,16 +2366,46 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->check_policy = check_policy; /* + * For ctx->cleanup running well in X509_STORE_CTX_cleanup , + * initial all ctx before exceptional handling. + */ + ctx->param = X509_VERIFY_PARAM_new(); + if (ctx->param == NULL) { + X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* + * Inherit callbacks and flags from X509_STORE if not set use defaults. + */ + if (store) + ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); + else + ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; + + if (ret) + ret = X509_VERIFY_PARAM_inherit(ctx->param, + X509_VERIFY_PARAM_lookup("default")); + + if (ret == 0) { + X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* * Since X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we * put a corresponding "new" here. */ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data))) { - OPENSSL_free(ctx); X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } return 1; + +err: + X509_STORE_CTX_cleanup(ctx); + return 0; } /* |