[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Fri Aug 26 13:45:40 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via a404656a8b40d9f1172e5e330f7e2d9d87cabab8 (commit)
from 50c30153d3fe887d0f6c8c0514bc825c4f3dec6a (commit)
- Log -----------------------------------------------------------------
commit a404656a8b40d9f1172e5e330f7e2d9d87cabab8
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Tue Apr 5 00:33:41 2016 +0200
Fix a few leaks in X509_REQ_to_X509.
Fix a possible leak on NETSCAPE_SPKI_verify failure.
Backport of 0517538d1a39bc
Backport of f6c006ea76304a
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 1 +
crypto/x509/x509_r2x.c | 14 +++++++++-----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 8a3c1e5..a0ec583 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2305,6 +2305,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
j = NETSCAPE_SPKI_verify(spki, pktmp);
if (j <= 0) {
+ EVP_PKEY_free(pktmp);
BIO_printf(bio_err,
"signature verification failed on SPKAC public key\n");
goto err;
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 0ff439c..2879569 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -70,10 +70,12 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
X509 *ret = NULL;
X509_CINF *xi = NULL;
X509_NAME *xn;
+ EVP_PKEY *pubkey = NULL;
+ int res;
if ((ret = X509_new()) == NULL) {
X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
- goto err;
+ return NULL;
}
/* duplicate the request */
@@ -89,9 +91,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
}
xn = X509_REQ_get_subject_name(r);
- if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
+ if (X509_set_subject_name(ret, xn) == 0)
goto err;
- if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
+ if (X509_set_issuer_name(ret, xn) == 0)
goto err;
if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
@@ -100,9 +102,11 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
NULL)
goto err;
- X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
+ pubkey = X509_REQ_get_pubkey(r);
+ res = X509_set_pubkey(ret, pubkey);
+ EVP_PKEY_free(pubkey);
- if (!X509_sign(ret, pkey, EVP_md5()))
+ if (!res || !X509_sign(ret, pkey, EVP_md5()))
goto err;
if (0) {
err:
More information about the openssl-commits
mailing list