[openssl] master update

dev at ddvo.net dev at ddvo.net
Thu Sep 10 05:15:22 UTC 2020


The branch master has been updated
       via  c4adc5ba5b4a7b5f999732fc565d0d6e3f8222e9 (commit)
      from  a877d2629b8a512aae550be68b9afd91eae22f19 (commit)


- Log -----------------------------------------------------------------
commit c4adc5ba5b4a7b5f999732fc565d0d6e3f8222e9
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Sun Aug 30 13:25:40 2020 +0200

    apps.c: Fix mem leaks on error in load_certs() and load_crls()
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12823)

-----------------------------------------------------------------------

Summary of changes:
 apps/lib/apps.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index b631a2670a..f10e91deb7 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -659,22 +659,38 @@ void* app_malloc(int sz, const char *what)
 
 /*
  * Initialize or extend, if *certs != NULL, a certificate stack.
+ * The caller is responsible for freeing *certs if its value is left not NULL.
  */
 int load_certs(const char *uri, STACK_OF(X509) **certs,
                const char *pass, const char *desc)
 {
-    return load_key_certs_crls(uri, 0, pass, desc, NULL, NULL,
-                               NULL, certs, NULL, NULL);
+    int was_NULL = *certs == NULL;
+    int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL,
+                                  NULL, certs, NULL, NULL);
+
+    if (!ret && was_NULL) {
+        sk_X509_pop_free(*certs, X509_free);
+        *certs = NULL;
+    }
+    return ret;
 }
 
 /*
  * Initialize or extend, if *crls != NULL, a certificate stack.
+ * The caller is responsible for freeing *crls if its value is left not NULL.
  */
 int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
               const char *pass, const char *desc)
 {
-    return load_key_certs_crls(uri, 0, pass, desc, NULL, NULL,
-                               NULL, NULL, NULL, crls);
+    int was_NULL = *crls == NULL;
+    int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL,
+                                  NULL, NULL, NULL, crls);
+
+    if (!ret && was_NULL) {
+        sk_X509_CRL_pop_free(*crls, X509_CRL_free);
+        *crls = NULL;
+    }
+    return ret;
 }
 
 /*
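Review bot: The cleanup added in load_certs() (`if (!ret && was_NULL)`) and mirrored in load_crls() only covers a stack that load_key_certs_crls() created itself, so a stack the caller passed in is kept on failure. If load_key_certs_crls() appends entries before it reports the error (its body is not in this hunk), the caller is then left holding a partially extended list. Since these stacks typically feed certificate and CRL verification, I would state this in both header comments so callers do not keep using the stack after a failed return, for example `* On failure, a stack passed in as non-NULL is not freed and may already hold some of the newly loaded entries.` While the comment above load_crls() is being edited, `a certificate stack` should read `a CRL stack`.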

