From: Dr. David von Oheimb
Date: Mon, 7 Dec 2020 16:45:09 +0000 (+0100)
Subject: v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks
X-Git-Tag: openssl-3.0.0-alpha10~91
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8ca661abd78b0e0c45340100169c4b47c0290142;p=thirdparty%2Fopenssl.git

v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13614)
---

diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c
index a6157fcf4db..96e415aeb1d 100644
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@@ -87,7 +87,10 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 ASN1_INTEGER *serial = NULL;
 X509_EXTENSION *ext;
 X509 *cert;
- AUTHORITY_KEYID *akeyid;
+ AUTHORITY_KEYID *akeyid = AUTHORITY_KEYID_new();
+
+ if (akeyid == NULL)
+ goto err;
 
 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
 cnf = sk_CONF_VALUE_value(values, i);
@@ -102,15 +105,15 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 } else {
 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNKNOWN_OPTION,
 "name=%s", cnf->name);
- return NULL;
+ goto err;
 }
 }
 
 if (!ctx || !ctx->issuer_cert) {
 if (ctx && (ctx->flags == CTX_TEST))
- return AUTHORITY_KEYID_new();
+ return akeyid;
 ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_CERTIFICATE);
- return NULL;
+ goto err;
 }
 
 cert = ctx->issuer_cert;
@@ -121,7 +124,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 ikeyid = X509V3_EXT_d2i(ext);
 if ((keyid == 2 || issuer == 0) && ikeyid == NULL) {
 ERR_raise(ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
- return NULL;
+ goto err;
 }
 }
 
@@ -134,9 +137,6 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 }
 }
 
- if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
- goto err;
-
 if (isname) {
 if ((gens = sk_GENERAL_NAME_new_null()) == NULL
 || (gen = GENERAL_NAME_new()) == NULL
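Review bot: The early `goto err` added in the first hunk, directly after `AUTHORITY_KEYID *akeyid = AUTHORITY_KEYID_new();`, runs before any other local has been assigned, so it is only safe if every pointer released at `err` is NULL-initialised at its declaration. Only `ASN1_INTEGER *serial = NULL;` is visible here; the declarations of `ikeyid`, `isname`, `gens` and `gen` lie above the hunk and should be confirmed, since freeing an indeterminate pointer on an out-of-memory path is undefined behaviour. A short comment on the new check would record the dependency, for example `/* err frees all locals; they must be NULL-initialised above */`. The function body starts and ends outside this hunk.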
@@ -162,5 +162,6 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 X509_NAME_free(isname);
 ASN1_INTEGER_free(serial);
 ASN1_OCTET_STRING_free(ikeyid);
+ AUTHORITY_KEYID_free(akeyid);
 return NULL;
 }
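Review bot: With `AUTHORITY_KEYID_free(akeyid);` added, the `err` path releases `akeyid` as well as `isname`, `serial` and `ikeyid` individually, which becomes a double free if any `goto err` is reachable after one of those objects has been attached to `akeyid`. The code that hands them over sits between the hunks and is not shown, so this needs to be checked there; presumably the hand-over happens immediately before the success return, in which case the cleanup is correct. A comment at the label would keep later edits from breaking that ordering: `/* nothing freed below may already be owned by akeyid */`. The function body starts outside this hunk.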