[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Wed Jul 5 09:14:48 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via b066ef30585bdb051f9aae84d3b5a5df402c43b7 (commit)
from ef40a25724861320aa5bd3e2a90471513b7ae327 (commit)
- Log -----------------------------------------------------------------
commit b066ef30585bdb051f9aae84d3b5a5df402c43b7
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jul 5 11:03:34 2017 +0200
Avoid possible memleak in X509_policy_check()
When tree_calculate_user_set() fails, a jump to error failed to
deallocate a possibly allocated |auth_nodes|.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3850)
(cherry picked from commit 67f060acefae34d820ccdb2f560d86ed10633500)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509v3/pcy_tree.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 9f9246b..b3d1983 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -638,6 +638,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
{
int init_ret;
int ret;
+ int calc_ret;
X509_POLICY_TREE *tree = NULL;
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
@@ -675,11 +676,14 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
}
/* Tree is not empty: continue */
- if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 ||
- !tree_calculate_user_set(tree, policy_oids, auth_nodes))
+
+ if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0)
goto error;
- if (ret == TREE_CALC_OK_DOFREE)
+ ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
+ if (calc_ret == TREE_CALC_OK_DOFREE)
sk_X509_POLICY_NODE_free(auth_nodes);
+ if (!ret)
+ goto error;
*ptree = tree;
More information about the openssl-commits
mailing list