x509: fix a dangling pointer

If object was pointer was passed and an error occured the object was freed & the pointer returned. Fix this to NULL out the caller's pointer before returning. Fixes #15115 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15238)
author: Pauli <pauli@openssl.org> 2021-05-12 14:22:52 +1000
committer: Pauli <pauli@openssl.org> 2021-05-13 18:00:36 +1000
commit: 66ddc0759a435672f1c48b856a0968e7f6e35a82 (patch)
tree: 991359e6066c85f4c292917facee4410e8005fdc
parent: b1423d04cdcad9dbbe2da6e4751f0895112cc977 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 529d701bbb..7959ee223f 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -131,8 +131,10 @@ X509 *d2i_X509(X509 **a, const unsigned char **in, long len)
     /* Only cache the extensions if the cert object was passed in */
     if (cert != NULL && a != NULL) { /* then cert == *a */
         if (!ossl_x509v3_cache_extensions(cert)) {
-            if (free_on_error)
+            if (free_on_error) {
+                *a = NULL;
                 X509_free(cert);
+            }
             cert = NULL;
         }
     }
author	Pauli <pauli@openssl.org>	2021-05-12 14:22:52 +1000
committer	Pauli <pauli@openssl.org>	2021-05-13 18:00:36 +1000
commit	66ddc0759a435672f1c48b856a0968e7f6e35a82 (patch)
tree	991359e6066c85f4c292917facee4410e8005fdc
parent	b1423d04cdcad9dbbe2da6e4751f0895112cc977 (diff)