author | FdaSilvaYY <fdasilvayy@gmail.com> | 2017-08-11 15:41:55 +0200 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2017-11-10 09:45:17 +0100 |
commit | 1687aa760cdd164b12c5b70e65cadcbce1e7ccfa (patch) | |
tree | 330edc39adf96b930d99ba6a55c1e15632afd643 /crypto | |
parent | util/copy.pl: work around glob quirk in some of earlier 5.1x Perl versions. (diff) | |
Fix possible leaks on sk_X509_EXTENSION_push() failure ...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4677)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509v3/v3_lib.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index d9058006e8..f51aa9624c 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -54,6 +54,7 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) X509V3_EXT_METHOD tmp; const X509V3_EXT_METHOD *t = &tmp, *const *ret; int idx; + if (nid < 0) return NULL; tmp.ext_nid = nid; @@ -165,6 +166,7 @@ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, { int lastpos, i; X509_EXTENSION *ex, *found_ex = NULL; + if (!x) { if (idx) *idx = -1; @@ -218,9 +220,9 @@ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags) { - int extidx = -1; - int errcode; - X509_EXTENSION *ext, *extmp; + int errcode, extidx = -1; + X509_EXTENSION *ext = NULL, *extmp; + STACK_OF(X509_EXTENSION) *ret = NULL; unsigned long ext_op = flags & X509V3_ADD_OP_MASK; /* @@ -279,14 +281,23 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, return 1; } + ret = *x; if (*x == NULL - && (*x = sk_X509_EXTENSION_new_null()) == NULL) - return -1; - if (!sk_X509_EXTENSION_push(*x, ext)) - return -1; + && (ret = sk_X509_EXTENSION_new_null()) == NULL) + goto m_fail; + if (!sk_X509_EXTENSION_push(ret, ext)) + goto m_fail; + *x = ret; return 1; + m_fail: + /* X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE); */ + if (ret != *x) + sk_X509_EXTENSION_free(ret); + X509_EXTENSION_free(ext); + return -1; + err: if (!(flags & X509V3_ADD_SILENT)) X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); |
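Review bot: The new `m_fail:` path in X509V3_add1_i2d returns -1 without recording anything on the error queue, because the `X509V3err(...)` call there is left commented out, whereas the adjacent `err:` path reports unless X509V3_ADD_SILENT is set. Either enable it with the same guard, `if (!(flags & X509V3_ADD_SILENT)) X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE);`, or replace the dead code with a short comment saying why an allocation failure is deliberately left unreported. The cleanup itself reads correctly from the visible lines: `ret` is freed only when it is a stack allocated in this call (`ret != *x`), `ext` is released separately since it was never pushed, and `*x` is assigned only after the push succeeds, so the caller's stack is unchanged on failure. The function body starts and ends outside the hunk, so where `ext` is created and whether every earlier exit also frees it cannot be confirmed from here.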