[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Fri Jun 10 15:50:18 UTC 2016


The branch OpenSSL_1_0_2-stable has been updated
       via  e6f65f769d87846bdc5b58ef8d2ef4074044022d (commit)
       via  4457017587efae316ac10b159f2e5b0cc81d9921 (commit)
      from  f6186cfba64593d3cefd6851a487a21abd0657a3 (commit)


- Log -----------------------------------------------------------------
commit e6f65f769d87846bdc5b58ef8d2ef4074044022d
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 10 15:30:41 2016 +0100

    Fix an error path leak in int X509_ATTRIBUTE_set1_data()
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 5000a6d1215ea7d6ed6179d0bcd44263f6e3c26b)

commit 4457017587efae316ac10b159f2e5b0cc81d9921
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 10 15:30:09 2016 +0100

    Fix an error path leak in do_ext_nconf()
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 8605abf13523579ecab8b1f2a4bcb8354d94af79)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_att.c  | 12 +++++++++---
 crypto/x509v3/v3_conf.c |  4 +++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index bd59281..2501075 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -296,7 +296,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
                              const void *data, int len)
 {
-    ASN1_TYPE *ttmp;
+    ASN1_TYPE *ttmp = NULL;
     ASN1_STRING *stmp = NULL;
     int atype = 0;
     if (!attr)
@@ -324,20 +324,26 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
      * least one value but some types use and zero length SET and require
      * this.
      */
-    if (attrtype == 0)
+    if (attrtype == 0) {
+        ASN1_STRING_free(stmp);
         return 1;
+    }
     if (!(ttmp = ASN1_TYPE_new()))
         goto err;
     if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
         if (!ASN1_TYPE_set1(ttmp, attrtype, data))
             goto err;
-    } else
+    } else {
         ASN1_TYPE_set(ttmp, atype, stmp);
+        stmp = NULL;
+    }
     if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
         goto err;
     return 1;
  err:
     X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+    ASN1_TYPE_free(ttmp);
+    ASN1_STRING_free(stmp);
     return 0;
 }
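Review bot: The `stmp = NULL;` added after `ASN1_TYPE_set(ttmp, atype, stmp)` is what keeps the new `err:` cleanup from releasing the string twice, and nothing in the code says so. Once the string has been handed to ttmp, a failing `sk_ASN1_TYPE_push` reaches both `ASN1_TYPE_free(ttmp)` and `ASN1_STRING_free(stmp)`, so a later edit that drops or moves the assignment would turn this leak fix into a double free. I would add `/* ttmp now owns stmp; clear it so err: does not free it a second time */` above the assignment. The cleanup likewise depends on the `ttmp = NULL` initialiser from the first hunk for any `goto err` taken before `ASN1_TYPE_new()`; the code between the two hunks is not visible here, so that part is inferred.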
 
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index eeff8bd..c1b4c1a 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -135,11 +135,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
             nval = NCONF_get_section(conf, value + 1);
         else
             nval = X509V3_parse_list(value);
-        if (sk_CONF_VALUE_num(nval) <= 0) {
+        if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
             X509V3err(X509V3_F_DO_EXT_NCONF,
                       X509V3_R_INVALID_EXTENSION_STRING);
             ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
                                value);
+            if (*value != '@')
+                sk_CONF_VALUE_free(nval);
             return NULL;
         }
         ext_struc = method->v2i(method, ctx, nval);
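Review bot: The `if (*value != '@')` guard in front of `sk_CONF_VALUE_free(nval)` encodes an ownership rule that is not written down. Judging from the two assignments at the top of the hunk, a list from `X509V3_parse_list()` belongs to this function, while a section from `NCONF_get_section()` presumably stays owned by `conf`. A comment such as `/* parsed lists are ours to free; sections belong to conf */` would stop a later cleanup from removing the test and freeing conf's section. `sk_CONF_VALUE_free` releases only the stack itself, which is enough here only because this branch is reached with an empty or NULL stack; `sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);` would stay correct if the condition is ever widened. do_ext_nconf() starts before and continues after this hunk.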

