[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Rich Salz rsalz at openssl.org
Wed Jul 20 05:32:31 UTC 2016


The branch OpenSSL_1_0_2-stable has been updated
       via  941d9fb6bdfacbdab6325d24d65402b75afc20c5 (commit)
      from  b5c835b39917a715ef45c48e521427eb08221d4d (commit)


- Log -----------------------------------------------------------------
commit 941d9fb6bdfacbdab6325d24d65402b75afc20c5
Author: Todd Short <tshort at akamai.com>
Date:   Tue Jul 5 09:59:29 2016 -0400

    OCSP_request_add0_id() inconsistent error return
    
    There are two failure cases for OCSP_request_add_id():
    1. OCSP_ONEREQ_new() failure, where |cid| is not freed
    2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed
    
    This change makes the error behavior consistent, such that |cid| is
    not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
    ownership of |cid| when the function succeeds.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1289)
    (cherry picked from commit 415e7c488e09119a42be24129e38ddd43524ee06)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ocsp/ocsp_cl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index b3612c8..fca7db0 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -93,8 +93,10 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
     if (one->reqCert)
         OCSP_CERTID_free(one->reqCert);
     one->reqCert = cid;
-    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) {
+        one->reqCert = NULL; /* do not free on error */
         goto err;
+    }
     return one;
  err:
     OCSP_ONEREQ_free(one);
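Review bot: The ownership rule is recorded only by the inline comment on the `one->reqCert = NULL;` line in the push-failure branch, and nothing at the function level tells callers that they still own |cid| when OCSP_request_add0_id() returns NULL. Suggest stating this in the function's header comment or documentation: a caller written against the old push-failure behaviour, where |cid| was freed, will now leak it unless it frees |cid| itself on a NULL return. The inline comment could also name the contract rather than the mechanism, e.g. `/* caller retains ownership of cid on error */`.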

