Fix loading more than one certificate in PEM format in X509_load_cert_file_ex()
authorolszomal <Malgorzata.Olszowka@stunnel.org>
Thu, 30 Nov 2023 11:53:40 +0000 (12:53 +0100)
committerTomas Mraz <tomas@openssl.org>
Mon, 4 Dec 2023 08:52:12 +0000 (09:52 +0100)
Fixes #22895

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22885)

crypto/x509/by_file.c

index 450bbba0537b6a20adf923e0cae58254804b4f19..5073c137a20b1ca7ccd1ba1e64e716c1db79c734 100644 (file)
@@ -128,6 +128,17 @@ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
                 count = 0;
                 goto err;
             }
+            /*
+             * X509_STORE_add_cert() added a reference rather than a copy,
+             * so we need a fresh X509 object.
+             */
+            X509_free(x);
+            x = X509_new_ex(libctx, propq);
+            if (x == NULL) {
+                ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
+                count = 0;
+                goto err;
+            }
             count++;
         }
     } else if (type == X509_FILETYPE_ASN1) {
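Review bot: The new `x == NULL` branch sets `count = 0` and jumps to `err` after earlier certificates in the file have already been accepted by X509_STORE_add_cert(), so a caller can see a failed load while the store still holds part of the bundle, unless the `err` path, which is outside this hunk, undoes that. Because the fresh object is allocated after every successful add, including the last certificate, an allocation failure at that point would report 0 even though every certificate was stored. I would state this next to the new branch with a comment such as `/* certificates added so far remain in the store although 0 is returned */`. No test is visible in this section; a regression test that loads a PEM file holding several distinct certificates and checks that each one is present in the store would pin the behaviour this fix restores. The loop and the rest of X509_load_cert_file_ex() start and end outside the hunk, so the placement of the allocation relative to the PEM read could not be checked here.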