author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-04 21:17:31 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-05-19 20:15:26 +0200 |
commit | 558f2a014646bb057f3876b28e32b13d8178400e (patch) | |
tree | 7614a79f8fdb753ab4660b9e77b140304662b98f | |
parent | X509 build_chain(): Make the variable 'curr' local to the loop body (diff) | |
X509 build_chain(): Fix two potential memory leaks on issuer variable
This also removes an inadequate guard: if (num == ctx->num_untrusted)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)
-rw-r--r-- | crypto/x509/x509_vfy.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 054dffc7dc..ddb3378eee 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2965,10 +2965,10 @@ static int dane_verify(X509_STORE_CTX *ctx)
 }
 /*
- * Get issuer, without duplicate suppression
+ * Get trusted issuer, without duplicate suppression
 * Returns -1 on internal error.
 */
-static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert)
+static int get1_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert)
 {
 STACK_OF(X509) *saved_chain = ctx->chain;
 int ok;
@@ -3090,8 +3090,8 @@ static int build_chain(X509_STORE_CTX *ctx)
 }
 curr = sk_X509_value(ctx->chain, i - 1);
- /* Note: get_issuer() must be used even if curr is self-signed. */
- ok = num > max_depth ? 0 : get_issuer(&issuer, ctx, curr);
+ /* Note: get1_trusted_issuer() must be used even if self-signed. */
+ ok = num > max_depth ? 0 : get1_trusted_issuer(&issuer, ctx, curr);
 if (ok < 0) {
 trust = -1;
@@ -3102,8 +3102,10 @@ static int build_chain(X509_STORE_CTX *ctx)
 if (ok > 0) {
 int self_signed = X509_self_signed(curr, 0);
- if (self_signed < 0)
+ if (self_signed < 0) {
+ X509_free(issuer);
 goto int_err;
+ }
 /*
 * Alternative trusted issuer for a mid-chain untrusted cert?
 * Pop the untrusted cert's successors and retry. We might now
@@ -3150,7 +3152,7 @@ static int build_chain(X509_STORE_CTX *ctx)
 }
 if ((self_signed = X509_self_signed(issuer, 0)) < 0)
 goto int_err;
- } else if (num == ctx->num_untrusted) {
+ } else {
 /*
 * We have a self-signed certificate that has the same
 * subject name (and perhaps keyid and/or serial number) as |
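Review bot: The `X509_free(issuer)` added on the `self_signed < 0` path is only correct if get1_trusted_issuer() hands the caller an owned reference whenever it returns > 0, yet the function's header comment (first hunk) still documents nothing but the -1 case. I would extend that comment with `* On success (> 0), *issuer holds a reference that the caller must release with X509_free().` so that the next error exit added to build_chain() does not reintroduce the leak. Whether `*issuer` is left untouched on 0 and -1 is not visible in these hunks and should be stated in the same comment. build_chain() starts and ends outside this hunk.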
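Review bot: With `num == ctx->num_untrusted` dropped from the `else`, the self-signed branch now runs for every value of `num`, and nothing visible states why that equality can be assumed. The branch body lies outside this hunk, so this is inferred: if the code there indexes or replaces a chain entry by `num`, an explicit check would turn a broken invariant into a clean internal error rather than a wrongly substituted chain entry, e.g. `if (!ossl_assert(num == ctx->num_untrusted)) { X509_free(issuer); goto int_err; }`. The comment opening the branch describes a self-signed certificate whose subject name matches another certificate (the sentence is cut at the hunk edge), which is a trust decision. That makes it worth adding one line to this comment saying why the removed guard was inadequate and what now guarantees the position of `curr` in the chain.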