From: Tomas Mraz
Date: Wed, 22 Jan 2025 08:57:36 +0000 (+0100)
Subject: add_uris_recursive(): Avoid OSSL_STORE_INFO leak on error
X-Git-Tag: openssl-3.3.4~154
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8d791f41c27c18f66f6b8c5369eef44aeb76417;p=thirdparty%2Fopenssl.git
add_uris_recursive(): Avoid OSSL_STORE_INFO leak on error
Fixes #26480
Reviewed-by: Tim Hudson
Reviewed-by: Viktor Dukhovni
(Merged from https://github.com/openssl/openssl/pull/26511)
(cherry picked from commit be5965acad7a1c45e49411bcf4abad99d106a7c1)
---
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 2757723dd3f..9ce93695c92 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -926,16 +926,17 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
 OSSL_STORE_CTX *ctx = NULL;
 X509 *x = NULL;
 X509_NAME *xn = NULL;
+ OSSL_STORE_INFO *info = NULL;
 if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
 goto err;
 while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
- OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
- int infotype = info == 0 ? 0 : OSSL_STORE_INFO_get_type(info);
+ int infotype;
- if (info == NULL)
+ if ((info = OSSL_STORE_load(ctx)) == NULL)
 continue;
+ infotype = OSSL_STORE_INFO_get_type(info);
 if (infotype == OSSL_STORE_INFO_NAME) {
 /*
@@ -960,6 +961,7 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
 }
 OSSL_STORE_INFO_free(info);
+ info = NULL;
 }
 ERR_clear_error();
@@ -967,6 +969,7 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
 err:
 ok = 0;
+ OSSL_STORE_INFO_free(info);
 done:
 OSSL_STORE_close(ctx);
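Review bot: The `info = NULL;` reset added after `OSSL_STORE_INFO_free(info);` at the bottom of the loop (second hunk) is what keeps the new `OSSL_STORE_INFO_free(info);` under `err:` (third hunk) from releasing the same object twice, and nothing in the code says so. Now that `info` has function scope, a maintainer who drops the reset as redundant, or adds a `goto err` after the loop, would turn the leak fix into a double free. I would put a comment on the reset, for example `/* info is freed again at err:, so clear it once released */`. The `err:` free is also reached with `info == NULL` when `OSSL_STORE_open()` fails, which is safe only because OSSL_STORE_INFO_free() ignores a NULL argument; the same comment can say that. The loop body between the first and second hunks is not shown here, so the `goto err` sites the new free is meant to cover cannot be checked from this page.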