From: Dr. David von Oheimb Date: Wed, 12 Aug 2020 20:07:51 +0000 (+0200) Subject: Make sure x509v3_cache_extensions() does not modify the error queue X-Git-Tag: openssl-3.0.0-alpha7~541 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de3713d492556e684e71eccf3c20116d00616277;p=thirdparty%2Fopenssl.git Make sure x509v3_cache_extensions() does not modify the error queue Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11808) --- diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index 9e0190a038d..d7d0aae3b34 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -396,6 +396,7 @@ int x509v3_cache_extensions(X509 *x) CRYPTO_THREAD_unlock(x->lock); return (x->ex_flags & EXFLAG_INVALID) == 0; } + ERR_set_mark(); if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) x->ex_flags |= EXFLAG_INVALID; @@ -572,6 +573,7 @@ int x509v3_cache_extensions(X509 *x) * all stores are visible on all processors. Hence the release fence. */ #endif + ERR_pop_to_mark(); CRYPTO_THREAD_unlock(x->lock); return (x->ex_flags & EXFLAG_INVALID) == 0;
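Review bot: The `ERR_set_mark()` added in the first hunk (after the early-return branch, before the `X509_digest()` call) carries no comment explaining why the error queue is being bracketed, and the commit message has no body that says so either. Please add a short comment at the mark stating that failures in this function are reported through `x->ex_flags` (`EXFLAG_INVALID`) and the return value, not through the error queue. With this change a failing `X509_digest()` on the next line also leaves no queue entry, so the caller only sees a return of 0; confirm that is intended. Placing the mark after the early return is right, since that path unlocks and returns without reaching the pop.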
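Review bot: The `ERR_pop_to_mark()` added in the second hunk (after the `#endif`, just before `CRYPTO_THREAD_unlock(x->lock)`) only balances the mark as long as nothing between the two calls returns early, and nothing in the code states or enforces that. Please note the pairing in a comment at one of the two calls so a later `return` added in between is not missed in review. The return values of both `ERR_set_mark()` and `ERR_pop_to_mark()` are ignored; if that is deliberate, say so. The diff touches only `crypto/x509/v3_purp.c`, so a regression test that calls into this path with a certificate that sets `EXFLAG_INVALID` and asserts that the error queue is unchanged afterwards would be a useful addition.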