[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Andy Polyakov appro at openssl.org
Thu Nov 16 15:01:22 UTC 2017 

The branch OpenSSL_1_0_2-stable has been updated
       via  c29f83c05f3a3c5641c5ddf054789a29d2163bf3 (commit)
      from  046c5f73535c8a46af940c063e00dfa6cce73f18 (commit)


- Log -----------------------------------------------------------------
commit c29f83c05f3a3c5641c5ddf054789a29d2163bf3
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date:   Mon Nov 6 12:56:58 2017 +0100

    Fix possible leaks on sk_X509_EXTENSION_push() failure ...
    
    Backport of #4677 / 1687aa760cdd164b12c5b70e65cadcbce1e7ccfa
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4715)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509v3/v3_lib.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 8350429..1112802 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -286,9 +286,9 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
                     int crit, unsigned long flags)
 {
-    int extidx = -1;
-    int errcode;
-    X509_EXTENSION *ext, *extmp;
+    int errcode, extidx = -1;
+    X509_EXTENSION *ext = NULL, *extmp;
+    STACK_OF(X509_EXTENSION) *ret = NULL;
     unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
 
     /*
@@ -347,13 +347,21 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
         return 1;
     }
 
-    if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
-        return -1;
-    if (!sk_X509_EXTENSION_push(*x, ext))
-        return -1;
+    if ((ret = *x) == NULL
+         && (ret = sk_X509_EXTENSION_new_null()) == NULL)
+        goto m_fail;
+    if (!sk_X509_EXTENSION_push(ret, ext))
+        goto m_fail;
 
+    *x = ret;
     return 1;
 
+ m_fail:
+    if (ret != *x)
+        sk_X509_EXTENSION_free(ret);
+    X509_EXTENSION_free(ext);
+    return -1;
+
  err:
     if (!(flags & X509V3_ADD_SILENT))
         X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);

More information about the openssl-commits mailing list