v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Mon, 7 Dec 2020 16:45:09 +0000 (17:45 +0100)
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>
Thu, 10 Dec 2020 14:19:55 +0000 (15:19 +0100)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

crypto/x509/v3_akey.c

index a6157fcf4db9d241c191397e2bdfb4d4414ea1d1..96e415aeb1d1966d9bf4c5c70370554e3c92c8a3 100644 (file)
@@ -87,7 +87,10 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
     ASN1_INTEGER *serial = NULL;
     X509_EXTENSION *ext;
     X509 *cert;
-    AUTHORITY_KEYID *akeyid;
+    AUTHORITY_KEYID *akeyid = AUTHORITY_KEYID_new();
+
+    if (akeyid == NULL)
+        goto err;
 
     for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
         cnf = sk_CONF_VALUE_value(values, i);
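Review bot: The new `goto err` taken when `AUTHORITY_KEYID_new()` returns NULL puts no error of this function's own on the queue, whereas the other failure exits visible in this diff call `ERR_raise` or `ERR_raise_data` before jumping. Unless the constructor is known to record the failure itself (not visible here), add `ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);` before the jump so callers can tell out-of-memory apart from a configuration error. This jump also reaches the cleanup label before any of the locals freed there has been assigned, so each of them has to be initialised to NULL at its declaration. Only the initialiser of `serial` is visible in this hunk; the function body starts and ends outside it.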
@@ -102,15 +105,15 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
         } else {
             ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNKNOWN_OPTION,
                            "name=%s", cnf->name);
-            return NULL;
+            goto err;
         }
     }
 
     if (!ctx || !ctx->issuer_cert) {
         if (ctx && (ctx->flags == CTX_TEST))
-            return AUTHORITY_KEYID_new();
+            return akeyid;
         ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_CERTIFICATE);
-        return NULL;
+        goto err;
     }
 
     cert = ctx->issuer_cert;
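Review bot: `ctx->flags == CTX_TEST` compares the whole flags word, so the shortcut that returns the empty `akeyid` is skipped whenever any other bit is set together with the test flag, and the call then fails with X509V3_R_NO_ISSUER_CERTIFICATE. If `flags` is a bit mask (its definition is not visible here), test the bit instead: `if (ctx && (ctx->flags & CTX_TEST) != 0)`. The object returned on this path appears to carry none of the options parsed in the loop above, so a short comment such as `/* test mode: options were only checked, return an empty AKID */` would mark that as intended.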
@@ -121,7 +124,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
             ikeyid = X509V3_EXT_d2i(ext);
         if ((keyid == 2 || issuer == 0) && ikeyid == NULL) {
             ERR_raise(ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
-            return NULL;
+            goto err;
         }
     }
 
@@ -134,9 +137,6 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
         }
     }
 
-    if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
-        goto err;
-
     if (isname) {
         if ((gens = sk_GENERAL_NAME_new_null()) == NULL
             || (gen = GENERAL_NAME_new()) == NULL
@@ -162,5 +162,6 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
     X509_NAME_free(isname);
     ASN1_INTEGER_free(serial);
     ASN1_OCTET_STRING_free(ikeyid);
+    AUTHORITY_KEYID_free(akeyid);
     return NULL;
 }
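Review bot: With `AUTHORITY_KEYID_free(akeyid)` added, the cleanup path frees `isname`, `serial` and `ikeyid` individually and then frees the structure that presumably ends up owning them, which becomes a double free if a `goto err` is ever reached after one of these pointers has been stored in `akeyid`. The stores are outside this hunk, so this cannot be confirmed from here. If they all happen after the last `goto err`, state that at the label, e.g. `/* akeyid holds none of the pointers above until the success path */`. Otherwise set each local to NULL immediately after handing it over to `akeyid`.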