[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Mon Nov 4 12:58:15 UTC 2019 

The branch OpenSSL_1_1_1-stable has been updated
       via  7bb50cbc4af78a0c8d36fdf2c141ad1330125e2f (commit)
      from  72f4d2f8eb0a95bbac7e247ff571bbef4158018c (commit)


- Log -----------------------------------------------------------------
commit 7bb50cbc4af78a0c8d36fdf2c141ad1330125e2f
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Oct 30 13:20:33 2019 +0000

    Don't leak memory in the event of a failure in i2v_GENERAL_NAMES
    
    i2v_GENERAL_NAMES call i2v_GENERAL_NAME repeatedly as required. Each
    time i2v_GENERAL_NAME gets called it allocates adds data to the passed in
    stack and then returns a pointer to the stack, or NULL on failure. If
    the passed in stack is itself NULL then it allocates one.
    
    i2v_GENERAL_NAMES was not correctly handling the case where a NULL gets
    returned from i2v_GENERAL_NAME. If a stack had already been allocated then
    it just leaked it.
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10300)
    
    (cherry picked from commit 45b244620a74248b46ebe1c85e86437b9641447a)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509v3/v3_alt.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index dfcb9094f4..7ac2911b91 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -52,11 +52,24 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 {
     int i;
     GENERAL_NAME *gen;
+    STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret;
+
     for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
         gen = sk_GENERAL_NAME_value(gens, i);
-        ret = i2v_GENERAL_NAME(method, gen, ret);
+        /*
+         * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes
+         * wrong we need to free the stack - but only if it was empty when we
+         * originally entered this function.
+         */
+        tmpret = i2v_GENERAL_NAME(method, gen, ret);
+        if (tmpret == NULL) {
+            if (origret == NULL)
+                sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
+            return NULL;
+        }
+        ret = tmpret;
     }
-    if (!ret)
+    if (ret == NULL)
         return sk_CONF_VALUE_new_null();
     return ret;
 }

More information about the openssl-commits mailing list