From: Eugene Syromiatnikov Date: Mon, 1 Sep 2025 14:34:34 +0000 (+0200) Subject: crypto/x509/t_req.c: avoid exts leaking on error paths X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~577 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71c8e2baa3b9f1a6b1a545b874782ccbd7ed02fc;p=thirdparty%2Fopenssl.git crypto/x509/t_req.c: avoid exts leaking on error paths If an error occurred and jump to the "err" label is performed after exts has been allocated, it can leak. Avoid that by adding sk_X509_EXTENSION_pop_free() on the error path and setting exts to NULL after sk_X509_EXTENSION_pop_free() in the normal handling. Fixes: ae880ae6719e "Fix error handling in X509_REQ_print_ex" Fixes: 87c49f622e7f "Support for parsing of certificate extensions in PKCS#10 requests: these are" Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665161 References: https://github.com/openssl/project/issues/1362 Signed-off-by: Eugene Syromiatnikov Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/28405) --- diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 63626c0d981..1c5f41d6765 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -40,7 +40,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, long l; int i; EVP_PKEY *pkey; - STACK_OF(X509_EXTENSION) *exts; + STACK_OF(X509_EXTENSION) *exts = NULL; char mlch = ' '; int nmindent = 0, printok = 0; @@ -191,6 +191,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, goto err; } sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + exts = NULL; } } @@ -204,6 +205,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, return 1; err: + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); return 0; }
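Review bot: In the `@@ -191,6 +191,7` hunk, the added `exts = NULL;` is load-bearing but carries no comment. Without it, any later `goto err` would hand an already freed stack to the new `sk_X509_EXTENSION_pop_free()` call at `err:`, turning the leak fix into a double free. A one-line comment beside the reset, for example "err: frees exts again", would keep a later cleanup from dropping it as a redundant assignment. The `goto err;` directly above the existing `sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);` in this hunk is the path that leaked before the change, so it is worth covering with a test that forces that failure under a leak checker.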
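Review bot: In the `@@ -204,6 +205,7` hunk, the new `sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);` under `err:` is reached with `exts == NULL` on every jump taken before `exts` is assigned and on every jump taken after the reset added in the previous hunk. The call therefore depends on both the `= NULL` initializer from the first hunk and on the pop_free routine accepting a NULL stack. The commit message mentions the reset but not the initializer or the NULL case; stating all three together, in the message or in a short comment at `err:`, would make it clear that the hunks must be kept or backported as a unit.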