diff options
| author | tb <> | 2023-08-30 00:49:32 +0000 |
|---|---|---|
| committer | tb <> | 2023-08-30 00:49:32 +0000 |
| commit | 6374d451ab78e6a8b8173aa5795b5e7f4c9c1081 (patch) | |
| tree | cf2270b763fddcceabb1039a124d6f8f26d81b4d | |
| parent | 4f19586576da87be433f16dc44538c814b842b85 (diff) | |
| download | openbsd-6374d451ab78e6a8b8173aa5795b5e7f4c9c1081.tar.gz openbsd-6374d451ab78e6a8b8173aa5795b5e7f4c9c1081.tar.bz2 openbsd-6374d451ab78e6a8b8173aa5795b5e7f4c9c1081.zip | |
Fix leaks in copy_issuer()
The stack of subject alternative names from the issuer is parsed using
X509V3_EXT_d2i(), so it must be freed with sk_GENERAL_NAME_pop_free().
It's not worth doing complicated ownership handling when the individual
alternative names can be copied with GENERAL_NAME_dup().
Previously, ialt and its remaining members would be leaked when the call
to sk_GENERAL_NAME_push() failed halfway through.
This is only reachable via the issuer:copy x509v3.cnf(5) directive.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/x509/x509_alt.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/lib/libcrypto/x509/x509_alt.c b/src/lib/libcrypto/x509/x509_alt.c index c4c5fcabe7..59fa39fa6b 100644 --- a/src/lib/libcrypto/x509/x509_alt.c +++ b/src/lib/libcrypto/x509/x509_alt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_alt.c,v 1.15 2023/02/16 08:38:17 tb Exp $ */ | 1 | /* $OpenBSD: x509_alt.c,v 1.16 2023/08/30 00:49:32 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -354,10 +354,11 @@ err: | |||
| 354 | static int | 354 | static int |
| 355 | copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) | 355 | copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) |
| 356 | { | 356 | { |
| 357 | GENERAL_NAMES *ialt; | 357 | GENERAL_NAMES *ialt = NULL; |
| 358 | GENERAL_NAME *gen; | 358 | GENERAL_NAME *gen = NULL; |
| 359 | X509_EXTENSION *ext; | 359 | X509_EXTENSION *ext; |
| 360 | int i; | 360 | int i; |
| 361 | int ret = 0; | ||
| 361 | 362 | ||
| 362 | if (ctx && (ctx->flags == CTX_TEST)) | 363 | if (ctx && (ctx->flags == CTX_TEST)) |
| 363 | return 1; | 364 | return 1; |
| @@ -375,19 +376,24 @@ copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) | |||
| 375 | } | 376 | } |
| 376 | 377 | ||
| 377 | for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { | 378 | for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { |
| 378 | gen = sk_GENERAL_NAME_value(ialt, i); | 379 | GENERAL_NAME *val = sk_GENERAL_NAME_value(ialt, i); |
| 380 | |||
| 381 | if ((gen = GENERAL_NAME_dup(val)) == NULL) | ||
| 382 | goto err; | ||
| 379 | if (!sk_GENERAL_NAME_push(gens, gen)) { | 383 | if (!sk_GENERAL_NAME_push(gens, gen)) { |
| 380 | X509V3error(ERR_R_MALLOC_FAILURE); | 384 | X509V3error(ERR_R_MALLOC_FAILURE); |
| 381 | goto err; | 385 | goto err; |
| 382 | } | 386 | } |
| 387 | gen = NULL; | ||
| 383 | } | 388 | } |
| 384 | sk_GENERAL_NAME_free(ialt); | ||
| 385 | 389 | ||
| 386 | return 1; | 390 | ret = 1; |
| 387 | 391 | ||
| 388 | err: | 392 | err: |
| 389 | return 0; | 393 | sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free); |
| 394 | GENERAL_NAME_free(gen); | ||
| 390 | 395 | ||
| 396 | return ret; | ||
| 391 | } | 397 | } |
| 392 | 398 | ||
| 393 | static GENERAL_NAMES * | 399 | static GENERAL_NAMES * |