diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2024-03-27 18:15:29 -0400 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-08 10:54:32 +0200 |
commit | b50d1c2e70180936f24f67ad11318b891785db97 (patch) | |
tree | 73d6bf0444d10002151df1d50370935f00b48c4b | |
parent | ee2b7d5264d9e5498393744e9355dc8b735ab237 (diff) |
Avoid memory leak in x509_test error path
Fixes #23897
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23991)
(cherry picked from commit 7cbca5a6d6e792c75c414e1f3fb22e2afae67988)
-rw-r--r-- | test/v3ext.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/test/v3ext.c b/test/v3ext.c index 88034db271..6c5b3f8371 100644 --- a/test/v3ext.c +++ b/test/v3ext.c @@ -269,17 +269,20 @@ static int test_addr_fam_len(void) goto end; if (!ASN1_OCTET_STRING_set(f1->addressFamily, key, keylen)) goto end; + + /* Push and transfer memory ownership to stack */ if (!sk_IPAddressFamily_push(addr, f1)) goto end; + f1 = NULL; /* Shouldn't be able to canonize this as the len is > 3*/ if (!TEST_false(X509v3_addr_canonize(addr))) goto end; - /* Create a well formed IPAddressFamily */ - f1 = sk_IPAddressFamily_pop(addr); - IPAddressFamily_free(f1); + /* Pop and free the new stack element */ + IPAddressFamily_free(sk_IPAddressFamily_pop(addr)); + /* Create a well-formed IPAddressFamily */ key[0] = (afi >> 8) & 0xFF; key[1] = afi & 0xFF; key[2] = 0x1; @@ -297,8 +300,11 @@ static int test_addr_fam_len(void) /* Mark this as inheritance so we skip some of the is_canonize checks */ f1->ipAddressChoice->type = IPAddressChoice_inherit; + + /* Push and transfer memory ownership to stack */ if (!sk_IPAddressFamily_push(addr, f1)) goto end; + f1 = NULL; /* Should be able to canonize now */ if (!TEST_true(X509v3_addr_canonize(addr))) @@ -306,7 +312,10 @@ static int test_addr_fam_len(void) testresult = 1; end: + /* Free stack and any memory owned by detached element */ + IPAddressFamily_free(f1); sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); + ASN1_OCTET_STRING_free(ip1); ASN1_OCTET_STRING_free(ip2); return testresult; |