[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Jun 10 15:50:04 UTC 2016
The branch master has been updated
via 5000a6d1215ea7d6ed6179d0bcd44263f6e3c26b (commit)
via 8605abf13523579ecab8b1f2a4bcb8354d94af79 (commit)
from e68a780ed698cd7839d38bf3851974fc1d23e00d (commit)
- Log -----------------------------------------------------------------
commit 5000a6d1215ea7d6ed6179d0bcd44263f6e3c26b
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jun 10 15:30:41 2016 +0100
Fix an error path leak in int X509_ATTRIBUTE_set1_data()
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 8605abf13523579ecab8b1f2a4bcb8354d94af79
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jun 10 15:30:09 2016 +0100
Fix an error path leak in do_ext_nconf()
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_att.c | 12 +++++++++---
crypto/x509v3/v3_conf.c | 4 +++-
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 3708d43..1fda58e 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -246,7 +246,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
const void *data, int len)
{
- ASN1_TYPE *ttmp;
+ ASN1_TYPE *ttmp = NULL;
ASN1_STRING *stmp = NULL;
int atype = 0;
if (!attr)
@@ -271,20 +271,26 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
* least one value but some types use and zero length SET and require
* this.
*/
- if (attrtype == 0)
+ if (attrtype == 0) {
+ ASN1_STRING_free(stmp);
return 1;
+ }
if ((ttmp = ASN1_TYPE_new()) == NULL)
goto err;
if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
if (!ASN1_TYPE_set1(ttmp, attrtype, data))
goto err;
- } else
+ } else {
ASN1_TYPE_set(ttmp, atype, stmp);
+ stmp = NULL;
+ }
if (!sk_ASN1_TYPE_push(attr->set, ttmp))
goto err;
return 1;
err:
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+ ASN1_TYPE_free(ttmp);
+ ASN1_STRING_free(stmp);
return 0;
}
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index bc06e31..4e118c1 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -88,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
nval = NCONF_get_section(conf, value + 1);
else
nval = X509V3_parse_list(value);
- if (sk_CONF_VALUE_num(nval) <= 0) {
+ if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
value);
+ if (*value != '@')
+ sk_CONF_VALUE_free(nval);
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);
More information about the openssl-commits
mailing list