git.ipfire.org Git - thirdparty/openssl.git/commitdiff
x509: fix mem leak on error path
author Nikola Pajkovsky <nikolap@openssl.org>
Mon, 22 Sep 2025 10:17:16 +0000 (12:17 +0200)
committer Tomas Mraz <tomas@openssl.org>
Tue, 23 Sep 2025 14:43:34 +0000 (16:43 +0200)
The x509_store_add() creates X509_OBJECT wrapping either X509 or
X509_CRL. However, if you set the type to X509_LU_NONE before
X509_OBJECT_free then it skips the free on the wrapped type and just
calls OPENSSL_free on the object itself. Hence, leaking wrapped
object.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28631)

(cherry picked from commit 8a4ef31f3ab9c8e512d29600ccc833cf03533b9e)

crypto/x509/x509_lu.c

index 11f59722d85eaae6d7882dfaa0d294082094c3da..c81351fd3b2731d52be120b882776d7368de3674 100644 (file)
@@ -408,7 +408,6 @@ static int x509_store_add(X509_STORE *store, void *x, int crl)
     }
 
     if (!X509_STORE_lock(store)) {
-        obj->type = X509_LU_NONE;
         X509_OBJECT_free(obj);
         return 0;
     }
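
Review bot: In the `!X509_STORE_lock(store)` branch, removing `obj->type = X509_LU_NONE;` means `X509_OBJECT_free(obj)` now also releases the wrapped X509 or X509_CRL, which is only correct if `obj` already holds its own reference to `x` when this branch runs. The visible context does not show where that reference is taken, so please state it in the commit message or in a short comment above the branch; if the reference were taken after the lock, this path would drop one that the caller still owns. The patch also adds no test that forces the lock failure, so a later change to the ownership order in this function would not be caught.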