Fix a possible memleak in opt_verify

The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22922)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2023-12-03 11:41:51 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-12-12 19:50:23 +0100
commit: d6688e45fa2f987f3ffd324e19922468beee5ddc (patch)
tree: 1746670d24da489dd2ef5165c08097f02a050a66 /apps
parent: 01709fcb8b609cfc47e277d20492c333bafb113e (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 2d61ac9a78..0490c39c25 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -726,7 +726,12 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
             opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
             return 0;
         }
-        X509_VERIFY_PARAM_add0_policy(vpm, otmp);
+        if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
+            ASN1_OBJECT_free(otmp);
+            opt_printf_stderr("%s: Internal error adding Policy %s\n",
+                              prog, opt_arg());
+            return 0;
+        }
         break;
     case OPT_V_PURPOSE:
         /* purpose name -> purpose index */
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2023-12-03 11:41:51 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-12-12 19:50:23 +0100
commit	d6688e45fa2f987f3ffd324e19922468beee5ddc (patch)
tree	1746670d24da489dd2ef5165c08097f02a050a66 /apps
parent	01709fcb8b609cfc47e277d20492c333bafb113e (diff)