diff options
| author | doug <> | 2014-12-06 19:26:37 +0000 |
|---|---|---|
| committer | doug <> | 2014-12-06 19:26:37 +0000 |
| commit | e0d29ce4ca3a66fb79a3bdb9e13b5c6ea1e19604 (patch) | |
| tree | 4eb8f74a1ef6964a0f0914c23f4236f1b335720b /src/lib/libcrypto/x509/x509_trs.c | |
| parent | 6023656d8c45eb723b7d115cebbb798c866abf5f (diff) | |
| download | openbsd-e0d29ce4ca3a66fb79a3bdb9e13b5c6ea1e19604.tar.gz openbsd-e0d29ce4ca3a66fb79a3bdb9e13b5c6ea1e19604.tar.bz2 openbsd-e0d29ce4ca3a66fb79a3bdb9e13b5c6ea1e19604.zip | |
Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.
If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the
object in an inconsistent state since the name is already freed.
This commit avoids changing the original name unless the *_add() call
will succeed.
Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
ok miod@
Diffstat (limited to 'src/lib/libcrypto/x509/x509_trs.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index 95fb568c68..4fa9f81ee7 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_trs.c,v 1.18 2014/11/18 03:28:05 tedu Exp $ */ | 1 | /* $OpenBSD: x509_trs.c,v 1.19 2014/12/06 19:26:37 doug Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -177,6 +177,7 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | |||
| 177 | { | 177 | { |
| 178 | int idx; | 178 | int idx; |
| 179 | X509_TRUST *trtmp; | 179 | X509_TRUST *trtmp; |
| 180 | char *name_dup; | ||
| 180 | 181 | ||
| 181 | /* This is set according to what we change: application can't set it */ | 182 | /* This is set according to what we change: application can't set it */ |
| 182 | flags &= ~X509_TRUST_DYNAMIC; | 183 | flags &= ~X509_TRUST_DYNAMIC; |
| @@ -199,12 +200,14 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | |||
| 199 | } | 200 | } |
| 200 | } | 201 | } |
| 201 | 202 | ||
| 203 | if ((name_dup = strdup(name)) == NULL) | ||
| 204 | goto err; | ||
| 205 | |||
| 202 | /* free existing name if dynamic */ | 206 | /* free existing name if dynamic */ |
| 203 | if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) | 207 | if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) |
| 204 | free(trtmp->name); | 208 | free(trtmp->name); |
| 205 | /* dup supplied name */ | 209 | /* dup supplied name */ |
| 206 | if ((trtmp->name = strdup(name)) == NULL) | 210 | trtmp->name = name_dup; |
| 207 | goto err; | ||
| 208 | /* Keep the dynamic flag of existing entry */ | 211 | /* Keep the dynamic flag of existing entry */ |
| 209 | trtmp->flags &= X509_TRUST_DYNAMIC; | 212 | trtmp->flags &= X509_TRUST_DYNAMIC; |
| 210 | /* Set all other flags */ | 213 | /* Set all other flags */ |
| @@ -226,10 +229,9 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | |||
| 226 | return 1; | 229 | return 1; |
| 227 | 230 | ||
| 228 | err: | 231 | err: |
| 229 | if (idx == -1) { | 232 | free(name_dup); |
| 230 | free(trtmp->name); | 233 | if (idx == -1) |
| 231 | free(trtmp); | 234 | free(trtmp); |
| 232 | } | ||
| 233 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | 235 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); |
| 234 | return 0; | 236 | return 0; |
| 235 | } | 237 | } |