Fix potential memory leaks with BN_to_ASN1_INTEGER

Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9833)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-09-09 19:12:25 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-09-13 13:21:13 +0200
commit: f28bc7d386b25fb75625d0c62c6b2e6d21de0d09 (patch)
tree: ee6528431b68d77b37e6d65b98dc33237d8ed1aa /crypto/x509
parent: Define the MAC parameter types without using C type names to avoid confusion. (diff)
download: openssl-f28bc7d386b25fb75625d0c62c6b2e6d21de0d09.tar.xz
openssl-f28bc7d386b25fb75625d0c62c6b2e6d21de0d09.zip
1 files changed, 20 insertions, 6 deletions
diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c
index 1d41380c41..2287675005 100644
--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
 static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 {
     ASN1_INTEGER *a_max_plus_one = NULL;
+    ASN1_INTEGER *orig;
     BIGNUM *bn = NULL;
     int i, ret = 0;
 
@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
          */
         if ((bn == NULL && (bn = BN_new()) == NULL) ||
             ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-            !BN_add_word(bn, 1) ||
-            (a_max_plus_one =
-             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            !BN_add_word(bn, 1)) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        if ((a_max_plus_one =
+                BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
+            a_max_plus_one = orig;
             X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
                       ERR_R_MALLOC_FAILURE);
             goto done;
@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
 static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
 {
     ASN1_INTEGER *a_max_plus_one = NULL;
+    ASN1_INTEGER *orig;
     BIGNUM *bn = NULL;
     int i, ret = 0;
 
@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
          */
         if ((bn == NULL && (bn = BN_new()) == NULL) ||
             ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-            !BN_add_word(bn, 1) ||
-            (a_max_plus_one =
-             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            !BN_add_word(bn, 1)) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        if ((a_max_plus_one =
+                 BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
+            a_max_plus_one = orig;
             X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
                       ERR_R_MALLOC_FAILURE);
             goto done;
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-09-09 19:12:25 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-09-13 13:21:13 +0200
commit	f28bc7d386b25fb75625d0c62c6b2e6d21de0d09 (patch)
tree	ee6528431b68d77b37e6d65b98dc33237d8ed1aa /crypto/x509
parent	Define the MAC parameter types without using C type names to avoid confusion. (diff)
download	openssl-f28bc7d386b25fb75625d0c62c6b2e6d21de0d09.tar.xz openssl-f28bc7d386b25fb75625d0c62c6b2e6d21de0d09.zip