]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 82fb46d)
APPS/ocsp: avoid memory leaks on error
authorJoshua Rogers <MegaManSec@users.noreply.github.com>
Fri, 10 Oct 2025 12:58:46 +0000 (20:58 +0800)
committerDr. David von Oheimb <dev@ddvo.net>
Thu, 16 Oct 2025 17:46:38 +0000 (19:46 +0200)
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28823)

apps/ocsp.c patch | blob | blame | history

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 1f8207bff9d2490382b26c9f1bef15a4d58e2cc4..4769880fc6907aeb45675f71c2aa3a6015308c61 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -907,7 +907,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
                          const EVP_MD *cert_id_md, X509 *issuer,
                          STACK_OF(OCSP_CERTID) *ids)
 {
-    OCSP_CERTID *id;
+    OCSP_CERTID *id = NULL;
 
     if (issuer == NULL) {
         BIO_printf(bio_err, "No issuer certificate specified\n");
@@ -920,11 +920,14 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
     id = OCSP_cert_to_id(cert_id_md, cert, issuer);
     if (id == NULL || !sk_OCSP_CERTID_push(ids, id))
         goto err;
-    if (!OCSP_request_add0_id(*req, id))
+    if (!OCSP_request_add0_id(*req, id)) {
+        id = NULL;
         goto err;
+    }
     return 1;
 
  err:
+    OCSP_CERTID_free(id);
     BIO_printf(bio_err, "Error Creating OCSP request\n");
     return 0;
 }
@@ -933,7 +936,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
                            const EVP_MD *cert_id_md, X509 *issuer,
                            STACK_OF(OCSP_CERTID) *ids)
 {
-    OCSP_CERTID *id;
+    OCSP_CERTID *id = NULL;
     const X509_NAME *iname;
     ASN1_BIT_STRING *ikey;
     ASN1_INTEGER *sno;
@@ -957,11 +960,14 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
     ASN1_INTEGER_free(sno);
     if (id == NULL || !sk_OCSP_CERTID_push(ids, id))
         goto err;
-    if (!OCSP_request_add0_id(*req, id))
+    if (!OCSP_request_add0_id(*req, id)) {
+        id = NULL;
         goto err;
+    }
     return 1;
 
  err:
+    OCSP_CERTID_free(id);
     BIO_printf(bio_err, "Error Creating OCSP request\n");
     return 0;
 }
Mirror of https://github.com/openssl/openssl.git