[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Thu Aug 17 16:02:41 UTC 2017 

The branch OpenSSL_1_1_0-stable has been updated
       via  5c26dd5b70e7be158dade9da9d75af258c7795dc (commit)
      from  bfb10f970f792bf4a13fc6244b8752e70589b9c6 (commit)


- Log -----------------------------------------------------------------
commit 5c26dd5b70e7be158dade9da9d75af258c7795dc
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Sat Aug 12 10:11:09 2017 +0200

    Clear outputs in PKCS12_parse error handling.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4145)
    
    (cherry picked from commit 524fdd515569e12047ddb29ba4c7f19706aacc98)

-----------------------------------------------------------------------

Summary of changes:
 crypto/pkcs12/p12_kiss.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 62f5d1e..7ab9838 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -34,6 +34,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 {
     STACK_OF(X509) *ocerts = NULL;
     X509 *x = NULL;
+
+    if (pkey)
+        *pkey = NULL;
+    if (cert)
+        *cert = NULL;
+
     /* Check for NULL PKCS12 structure */
 
     if (!p12) {
@@ -42,11 +48,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
         return 0;
     }
 
-    if (pkey)
-        *pkey = NULL;
-    if (cert)
-        *cert = NULL;
-
     /* Check the mac */
 
     /*
@@ -75,7 +76,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
     if (!ocerts) {
         PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
-        return 0;
+        goto err;
     }
 
     if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
@@ -111,10 +112,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
  err:
 
-    if (pkey)
+    if (pkey) {
         EVP_PKEY_free(*pkey);
-    if (cert)
+        *pkey = NULL;
+    }
+    if (cert) {
         X509_free(*cert);
+        *cert = NULL;
+    }
     X509_free(x);
     sk_X509_pop_free(ocerts, X509_free);
     return 0;

More information about the openssl-commits mailing list