Plug memory leaks upon error in OCSP_url_svcloc_new().

ok jsing@
author: miod <> 2014-05-18 16:19:09 +0000
committer: miod <> 2014-05-18 16:19:09 +0000
commit: a3380d29afacb8edd0e4e1eee12cb9156fa40cf8 (patch)
tree: c4ea34577f8162cb6025aff98bb674a963f7e1fd /src
parent: b5d9cd2255a7e97b93cadef1883c8699dce9d72b (diff)
download: openbsd-a3380d29afacb8edd0e4e1eee12cb9156fa40cf8.tar.gz
openbsd-a3380d29afacb8edd0e4e1eee12cb9156fa40cf8.tar.bz2
openbsd-a3380d29afacb8edd0e4e1eee12cb9156fa40cf8.zip
2 files changed, 18 insertions, 12 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index 45b072750f..360e2ef84c 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -521,7 +521,7 @@ OCSP_accept_responses_new(char **oids)
        X509_EXTENSION *x = NULL;
        if (!(sk = sk_ASN1_OBJECT_new_null()))
-                goto err;
+                return NULL;
        while (oids && *oids) {
                if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
                    (o = OBJ_nid2obj(nid)))
@@ -529,10 +529,7 @@ OCSP_accept_responses_new(char **oids)
                oids++;
        }
        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
+        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-err:
-        if (sk)
-                sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
        return x;
 }
@@ -544,7 +541,7 @@ OCSP_archive_cutoff_new(char* tim)
        ASN1_GENERALIZEDTIME *gt = NULL;
        if (!(gt = ASN1_GENERALIZEDTIME_new()))
-                goto err;
+                return NULL;
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
                goto err;
        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
@@ -587,13 +584,19 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
                        goto err;
                ad->location->type = GEN_URI;
                ad->location->d.ia5 = ia5;
+                ia5 = NULL;
                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
                        goto err;
+                ad = NULL;
                urls++;
        }
        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
 err:
+        if (ia5)
+                ASN1_IA5STRING_free(ia5);
+        if (ad)
+                ACCESS_DESCRIPTION_free(ad);
        if (sloc)
                OCSP_SERVICELOC_free(sloc);
        return x;
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
index 45b072750f..360e2ef84c 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
@@ -521,7 +521,7 @@ OCSP_accept_responses_new(char **oids)
        X509_EXTENSION *x = NULL;
        if (!(sk = sk_ASN1_OBJECT_new_null()))
-                goto err;
+                return NULL;
        while (oids && *oids) {
                if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
                    (o = OBJ_nid2obj(nid)))
@@ -529,10 +529,7 @@ OCSP_accept_responses_new(char **oids)
                oids++;
        }
        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
+        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-err:
-        if (sk)
-                sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
        return x;
 }
@@ -544,7 +541,7 @@ OCSP_archive_cutoff_new(char* tim)
        ASN1_GENERALIZEDTIME *gt = NULL;
        if (!(gt = ASN1_GENERALIZEDTIME_new()))
-                goto err;
+                return NULL;
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
                goto err;
        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
@@ -587,13 +584,19 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
                        goto err;
                ad->location->type = GEN_URI;
                ad->location->d.ia5 = ia5;
+                ia5 = NULL;
                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
                        goto err;
+                ad = NULL;
                urls++;
        }
        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
 err:
+        if (ia5)
+                ASN1_IA5STRING_free(ia5);
+        if (ad)
+                ACCESS_DESCRIPTION_free(ad);
        if (sloc)
                OCSP_SERVICELOC_free(sloc);
        return x;
author	miod <>	2014-05-18 16:19:09 +0000
committer	miod <>	2014-05-18 16:19:09 +0000
commit	a3380d29afacb8edd0e4e1eee12cb9156fa40cf8 (patch)
tree	c4ea34577f8162cb6025aff98bb674a963f7e1fd /src
parent	b5d9cd2255a7e97b93cadef1883c8699dce9d72b (diff)
download	openbsd-a3380d29afacb8edd0e4e1eee12cb9156fa40cf8.tar.gz openbsd-a3380d29afacb8edd0e4e1eee12cb9156fa40cf8.tar.bz2 openbsd-a3380d29afacb8edd0e4e1eee12cb9156fa40cf8.zip

diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c index 45b072750f..360e2ef84c 100644 --- a/src/lib/libcrypto/ocsp/ocsp_ext.c +++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -521,7 +521,7 @@ OCSP_accept_responses_new(char **oids)
521	X509_EXTENSION *x = NULL;	521	X509_EXTENSION *x = NULL;
522		522
523	if (!(sk = sk_ASN1_OBJECT_new_null()))	523	if (!(sk = sk_ASN1_OBJECT_new_null()))
524	goto err;	524	return NULL;
525	while (oids && *oids) {	525	while (oids && *oids) {
526	if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&	526	if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
527	(o = OBJ_nid2obj(nid)))	527	(o = OBJ_nid2obj(nid)))
@@ -529,10 +529,7 @@ OCSP_accept_responses_new(char **oids)
529	oids++;	529	oids++;
530	}	530	}
531	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);	531	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
532		532	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
533	err:
534	if (sk)
535	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
536	return x;	533	return x;
537	}	534	}
538		535
@@ -544,7 +541,7 @@ OCSP_archive_cutoff_new(char* tim)
544	ASN1_GENERALIZEDTIME *gt = NULL;	541	ASN1_GENERALIZEDTIME *gt = NULL;
545		542
546	if (!(gt = ASN1_GENERALIZEDTIME_new()))	543	if (!(gt = ASN1_GENERALIZEDTIME_new()))
547	goto err;	544	return NULL;
548	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))	545	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
549	goto err;	546	goto err;
550	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);	547	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
@@ -587,13 +584,19 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
587	goto err;	584	goto err;
588	ad->location->type = GEN_URI;	585	ad->location->type = GEN_URI;
589	ad->location->d.ia5 = ia5;	586	ad->location->d.ia5 = ia5;
		587	ia5 = NULL;
590	if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))	588	if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
591	goto err;	589	goto err;
		590	ad = NULL;
592	urls++;	591	urls++;
593	}	592	}
594	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);	593	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
595		594
596	err:	595	err:
		596	if (ia5)
		597	ASN1_IA5STRING_free(ia5);
		598	if (ad)
		599	ACCESS_DESCRIPTION_free(ad);
597	if (sloc)	600	if (sloc)
598	OCSP_SERVICELOC_free(sloc);	601	OCSP_SERVICELOC_free(sloc);
599	return x;	602	return x;


diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c index 45b072750f..360e2ef84c 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
@@ -521,7 +521,7 @@ OCSP_accept_responses_new(char **oids)
521	X509_EXTENSION *x = NULL;	521	X509_EXTENSION *x = NULL;
522		522
523	if (!(sk = sk_ASN1_OBJECT_new_null()))	523	if (!(sk = sk_ASN1_OBJECT_new_null()))
524	goto err;	524	return NULL;
525	while (oids && *oids) {	525	while (oids && *oids) {
526	if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&	526	if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
527	(o = OBJ_nid2obj(nid)))	527	(o = OBJ_nid2obj(nid)))
@@ -529,10 +529,7 @@ OCSP_accept_responses_new(char **oids)
529	oids++;	529	oids++;
530	}	530	}
531	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);	531	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
532		532	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
533	err:
534	if (sk)
535	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
536	return x;	533	return x;
537	}	534	}
538		535
@@ -544,7 +541,7 @@ OCSP_archive_cutoff_new(char* tim)
544	ASN1_GENERALIZEDTIME *gt = NULL;	541	ASN1_GENERALIZEDTIME *gt = NULL;
545		542
546	if (!(gt = ASN1_GENERALIZEDTIME_new()))	543	if (!(gt = ASN1_GENERALIZEDTIME_new()))
547	goto err;	544	return NULL;
548	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))	545	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
549	goto err;	546	goto err;
550	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);	547	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
@@ -587,13 +584,19 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
587	goto err;	584	goto err;
588	ad->location->type = GEN_URI;	585	ad->location->type = GEN_URI;
589	ad->location->d.ia5 = ia5;	586	ad->location->d.ia5 = ia5;
		587	ia5 = NULL;
590	if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))	588	if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
591	goto err;	589	goto err;
		590	ad = NULL;
592	urls++;	591	urls++;
593	}	592	}
594	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);	593	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
595		594
596	err:	595	err:
		596	if (ia5)
		597	ASN1_IA5STRING_free(ia5);
		598	if (ad)
		599	ACCESS_DESCRIPTION_free(ad);
597	if (sloc)	600	if (sloc)
598	OCSP_SERVICELOC_free(sloc);	601	OCSP_SERVICELOC_free(sloc);
599	return x;	602	return x;