summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3/v3_alt.c
diff options
context:
space:
mode:
authortb <>2019-04-22 17:10:01 +0000
committertb <>2019-04-22 17:10:01 +0000
commita2339aa009b2ac9b2d96975d578bb9f9fc757cea (patch)
tree268a5bb33a01011111228f72e3d2be40eeae915b /src/lib/libcrypto/x509v3/v3_alt.c
parente9d90e49492029ba1aa3e87e920475ddc0aeb803 (diff)
downloadopenbsd-a2339aa009b2ac9b2d96975d578bb9f9fc757cea.tar.gz
openbsd-a2339aa009b2ac9b2d96975d578bb9f9fc757cea.tar.bz2
openbsd-a2339aa009b2ac9b2d96975d578bb9f9fc757cea.zip
Avoid potential double frees in i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME()
and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we were passed NULL. Otherwise it remains the caller's responsibility to free it. To do so, we allocate the extlist explicitly instead of using X509V3_add_value()'s implicit allocation feature. Preserve behavior in i2v_AUTHORITY_KEYID() by adding an explicit check that something was pushed onto the stack. The other i2v_* functions will receive a similar treatment in upcoming commits. ok jsing
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_alt.c')
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 2dc07b4025..0f0177ff8b 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: v3_alt.c,v 1.29 2019/04/21 16:50:34 tb Exp $ */ 1/* $OpenBSD: v3_alt.c,v 1.30 2019/04/22 17:10:01 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -127,11 +127,12 @@ STACK_OF(CONF_VALUE) *
127i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens, 127i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens,
128 STACK_OF(CONF_VALUE) *ret) 128 STACK_OF(CONF_VALUE) *ret)
129{ 129{
130 STACK_OF(CONF_VALUE) *free_ret = NULL;
130 GENERAL_NAME *gen; 131 GENERAL_NAME *gen;
131 int i; 132 int i;
132 133
133 if (ret == NULL) { 134 if (ret == NULL) {
134 if ((ret = sk_CONF_VALUE_new_null()) == NULL) 135 if ((free_ret = ret = sk_CONF_VALUE_new_null()) == NULL)
135 return NULL; 136 return NULL;
136 } 137 }
137 138
@@ -145,7 +146,7 @@ i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens,
145 return ret; 146 return ret;
146 147
147 err: 148 err:
148 sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); 149 sk_CONF_VALUE_pop_free(free_ret, X509V3_conf_free);
149 150
150 return NULL; 151 return NULL;
151} 152}
@@ -154,10 +155,16 @@ STACK_OF(CONF_VALUE) *
154i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, 155i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen,
155 STACK_OF(CONF_VALUE) *ret) 156 STACK_OF(CONF_VALUE) *ret)
156{ 157{
158 STACK_OF(CONF_VALUE) *free_ret = NULL;
157 unsigned char *p; 159 unsigned char *p;
158 char oline[256], htmp[5]; 160 char oline[256], htmp[5];
159 int i; 161 int i;
160 162
163 if (ret == NULL) {
164 if ((free_ret = ret = sk_CONF_VALUE_new_null()) == NULL)
165 return NULL;
166 }
167
161 switch (gen->type) { 168 switch (gen->type) {
162 case GEN_OTHERNAME: 169 case GEN_OTHERNAME:
163 if (!X509V3_add_value("othername", "<unsupported>", &ret)) 170 if (!X509V3_add_value("othername", "<unsupported>", &ret))
@@ -231,7 +238,7 @@ i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen,
231 return ret; 238 return ret;
232 239
233 err: 240 err:
234 sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); 241 sk_CONF_VALUE_pop_free(free_ret, X509V3_conf_free);
235 242
236 return NULL; 243 return NULL;
237} 244}