[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Richard Levitte
levitte at openssl.org
Thu Jul 6 07:15:52 UTC 2017
The branch OpenSSL_1_0_2-stable has been updated
via 58314197b54cc1417cfa62d1987462f72a2559e0 (commit)
from 95f966b7954adec468e1e86c3c57d03768990126 (commit)
- Log -----------------------------------------------------------------
commit 58314197b54cc1417cfa62d1987462f72a2559e0
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Jul 5 11:08:45 2017 +0200
Avoid possible memleak in X509_policy_check()
When tree_calculate_user_set() fails, a jump to error failed to
deallocate a possibly allocated |auth_nodes|.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3851)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509v3/pcy_tree.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 09b8691..03c9533 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -732,6 +732,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
{
int ret;
+ int calc_ret;
X509_POLICY_TREE *tree = NULL;
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
*ptree = NULL;
@@ -800,17 +801,20 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
/* Tree is not empty: continue */
- ret = tree_calculate_authority_set(tree, &auth_nodes);
+ calc_ret = tree_calculate_authority_set(tree, &auth_nodes);
- if (!ret)
+ if (!calc_ret)
goto error;
- if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
- goto error;
+ ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
- if (ret == 2)
+ if (calc_ret == 2)
sk_X509_POLICY_NODE_free(auth_nodes);
+ if (!ret)
+ goto error;
+
+
if (tree)
*ptree = tree;
More information about the openssl-commits
mailing list