Free data if sk_OPENSSL_STRING_push fails.

Fixes #26203

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26227)

diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c
index 9ba5b31a441e9f8a8d38361e923d4f75f4c08b50..1474474a2d1e9e68fc39f728ccb2781b39031af0 100644 (file)
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -122,7 +122,11 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
                 uris = sk_OPENSSL_STRING_new_null();
                 X509_LOOKUP_set_method_data(ctx, uris);
             }
-            return sk_OPENSSL_STRING_push(uris, data) > 0;
+            if (sk_OPENSSL_STRING_push(uris, data) <= 0) {
+                OPENSSL_free(data);
+                return 0;
+            }
+            return 1;
         }
         /* NOP if no URI is given. */
         return 1;

diff --git a/test/evp_test.c b/test/evp_test.c
index 30a5c854684f3e252e31f57b96c78906f233cc04..4ca11f58290b84294597d5760dcad36bad8a026b 100644 (file)
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -202,7 +202,13 @@ static int ctrladd(STACK_OF(OPENSSL_STRING) *controls, const char *value)
 
     if (data == NULL)
         return -1;
-    return sk_OPENSSL_STRING_push(controls, data) > 0;
+
+    if (sk_OPENSSL_STRING_push(controls, data) <= 0) {
+        OPENSSL_free(data);
+        return -1;
+    }
+
+    return 1;
 }
 
 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */