Fix memory leak on bad inputs.

author: Bodo Möller <bodo@openssl.org> 2011-09-05 09:57:03 +0000
committer: Bodo Möller <bodo@openssl.org> 2011-09-05 09:57:03 +0000
commit: 8eaf563c417724efe82649c69976caa38c02cba3 (patch)
tree: f968fc539963d793643c9fd1669ecc383bd28e56
parent: 80d7e6b03952545d7da17301cf9f8f7ecfa4e48e (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index a332c7dd3f..4ad9ae7580 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
 
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
   *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
      signature public key algorithm by using OID xref utilities instead.
      Before this you could only use some ECC ciphersuites with SHA1 only.
@@ -898,6 +901,9 @@
   
  Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
 
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
   *) Add protection against ECDSA timing attacks as mentioned in the paper
      by Billy Bob Brumley and Nicola Tuveri, see:
 
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index 063bf7c16b..49be08b4da 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
 	*val = nm.a;
 	*in = p;
 	return ret;
-	err:
+err:
+        if (nm.x != NULL)
+		X509_NAME_free(nm.x);
 	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
 	return 0;
 }
author	Bodo Möller <bodo@openssl.org>	2011-09-05 09:57:03 +0000
committer	Bodo Möller <bodo@openssl.org>	2011-09-05 09:57:03 +0000
commit	8eaf563c417724efe82649c69976caa38c02cba3 (patch)
tree	f968fc539963d793643c9fd1669ecc383bd28e56
parent	80d7e6b03952545d7da17301cf9f8f7ecfa4e48e (diff)