[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri Jun 10 15:50:04 UTC 2016


The branch master has been updated
       via  5000a6d1215ea7d6ed6179d0bcd44263f6e3c26b (commit)
       via  8605abf13523579ecab8b1f2a4bcb8354d94af79 (commit)
      from  e68a780ed698cd7839d38bf3851974fc1d23e00d (commit)


- Log -----------------------------------------------------------------
commit 5000a6d1215ea7d6ed6179d0bcd44263f6e3c26b
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 10 15:30:41 2016 +0100

    Fix an error path leak in int X509_ATTRIBUTE_set1_data()
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 8605abf13523579ecab8b1f2a4bcb8354d94af79
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 10 15:30:09 2016 +0100

    Fix an error path leak in do_ext_nconf()
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_att.c  | 12 +++++++++---
 crypto/x509v3/v3_conf.c |  4 +++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 3708d43..1fda58e 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -246,7 +246,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
                              const void *data, int len)
 {
-    ASN1_TYPE *ttmp;
+    ASN1_TYPE *ttmp = NULL;
     ASN1_STRING *stmp = NULL;
     int atype = 0;
     if (!attr)
@@ -271,20 +271,26 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
      * least one value but some types use and zero length SET and require
      * this.
      */
-    if (attrtype == 0)
+    if (attrtype == 0) {
+        ASN1_STRING_free(stmp);
         return 1;
+    }
     if ((ttmp = ASN1_TYPE_new()) == NULL)
         goto err;
     if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
         if (!ASN1_TYPE_set1(ttmp, attrtype, data))
             goto err;
-    } else
+    } else {
         ASN1_TYPE_set(ttmp, atype, stmp);
+        stmp = NULL;
+    }
     if (!sk_ASN1_TYPE_push(attr->set, ttmp))
         goto err;
     return 1;
  err:
     X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+    ASN1_TYPE_free(ttmp);
+    ASN1_STRING_free(stmp);
     return 0;
 }
 
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index bc06e31..4e118c1 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -88,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
             nval = NCONF_get_section(conf, value + 1);
         else
             nval = X509V3_parse_list(value);
-        if (sk_CONF_VALUE_num(nval) <= 0) {
+        if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
             X509V3err(X509V3_F_DO_EXT_NCONF,
                       X509V3_R_INVALID_EXTENSION_STRING);
             ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
                                value);
+            if (*value != '@')
+                sk_CONF_VALUE_free(nval);
             return NULL;
         }
         ext_struc = method->v2i(method, ctx, nval);


More information about the openssl-commits mailing list