[openssl] OpenSSL_1_1_0-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Sat Aug 17 14:51:40 UTC 2019


The branch OpenSSL_1_1_0-stable has been updated
       via  b14c6d9af475858c60f3d04abe7d87bd9f71d578 (commit)
      from  b15a19c148384e73338aa7c5b12652138e35ed28 (commit)


- Log -----------------------------------------------------------------
commit b14c6d9af475858c60f3d04abe7d87bd9f71d578
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Fri Aug 16 15:18:51 2019 +0200

    Fix error handling in X509_chain_up_ref
    
    Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/9614)
    
    (cherry picked from commit cae665dfa6ccec743a7f39cf80676d7d2d787e56)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_cmp.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 49b0368dfc..4e74a74a51 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -451,9 +451,17 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
     STACK_OF(X509) *ret;
     int i;
     ret = sk_X509_dup(chain);
+    if (ret == NULL)
+        return NULL;
     for (i = 0; i < sk_X509_num(ret); i++) {
         X509 *x = sk_X509_value(ret, i);
-        X509_up_ref(x);
+        if (!X509_up_ref(x))
+            goto err;
     }
     return ret;
+ err:
+    while (i-- > 0)
+        X509_free (sk_X509_value(ret, i));
+    sk_X509_free(ret);
+    return NULL;
 }


More information about the openssl-commits mailing list