x509: Handle ossl_policy_level_add_node errors

author Clemens Lang <cllang@redhat.com>

Wed, 24 May 2023 11:12:54 +0000 (13:12 +0200)

committer Tomas Mraz <tomas@openssl.org>

Mon, 29 May 2023 12:54:57 +0000 (14:54 +0200)
author Clemens Lang <cllang@redhat.com>
Wed, 24 May 2023 11:12:54 +0000 (13:12 +0200)
committer Tomas Mraz <tomas@openssl.org>
Mon, 29 May 2023 12:54:57 +0000 (14:54 +0200)
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c

index f953a05a41a62e89ff64c3eb43cb7d13c7b1e5be..9a0251c2b39d0e924d1d627b0756411878faafb5 100644 (file)
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@@ -25,6 +25,8 @@
  # define OPENSSL_POLICY_TREE_NODES_MAX 1000
  #endif
  
+static void exnode_free(X509_POLICY_NODE *node);
+
  static void expected_print(BIO *channel,
                             X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
                             int indent)
@@ -570,14 +572,22 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
                  | POLICY_DATA_FLAG_EXTRA_NODE;
              node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
                                                tree, 1);
+            if (node == NULL) {
+                ossl_policy_data_free(extra);
+                return 0;
+            }
          }
          if (!tree->user_policies) {
              tree->user_policies = sk_X509_POLICY_NODE_new_null();
-            if (!tree->user_policies)
-                return 1;
+            if (!tree->user_policies) {
+                exnode_free(node);
+                return 0;
+            }
          }
-        if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
+        if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) {
+            exnode_free(node);
              return 0;
+        }
      }
      return 1;
  }
author	Clemens Lang <cllang@redhat.com>
	Wed, 24 May 2023 11:12:54 +0000 (13:12 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Mon, 29 May 2023 12:54:57 +0000 (14:54 +0200)