From: Tomas Mraz Date: Thu, 5 Aug 2021 10:44:58 +0000 (+0200) Subject: Avoid freeing the conf lhashes in X509_V3_EXT*_add_conf X-Git-Tag: openssl-3.0.0~133 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c2b94c0a15254ad8cb28d07ed7793e975ae6736f;p=thirdparty%2Fopenssl.git Avoid freeing the conf lhashes in X509_V3_EXT*_add_conf Fixes #16226 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16227) --- diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c index 9997595653e..1c11d671b2e 100644 --- a/crypto/x509/v3_conf.c +++ b/crypto/x509/v3_conf.c @@ -487,6 +487,7 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, return NULL; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_nconf(ctmp, ctx, name, value); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } @@ -501,6 +502,7 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, return NULL; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_nconf_nid(ctmp, ctx, ext_nid, value); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } @@ -542,6 +544,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, return 0; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_add_nconf(ctmp, ctx, section, cert); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } @@ -558,6 +561,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, return 0; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_CRL_add_nconf(ctmp, ctx, section, crl); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; } @@ -574,6 +578,7 @@ int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, return 0; CONF_set_nconf(ctmp, conf); ret = X509V3_EXT_REQ_add_nconf(ctmp, ctx, section, req); + CONF_set_nconf(ctmp, NULL); NCONF_free(ctmp); return ret; }