diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-02-15 10:24:58 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-02-17 17:37:13 +0100 |
commit | adc11e1b9cf12df3c67de165a2b42ac72266cbca (patch) | |
tree | 6c8edbec52734aec77f9ab38a8aa75150c0bfbd7 /crypto/x509 | |
parent | b51bed05c2ab54a1933b5c18862e68cd4540278c (diff) |
x509_vfy: fix mem leaks in chain_build() on malloc error Coverify CID 1473068
Fixes: Variable "sk_untrusted" going out of scope leaks the storage it points to.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14187)
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_vfy.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 4e192abec4..d5c09d28f4 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -3035,12 +3035,9 @@ static int build_chain(X509_STORE_CTX *ctx) * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add * them to our working copy of the untrusted certificate stack. */ - if (DANETLS_ENABLED(dane) && dane->certs != NULL) { - if (!X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT)) { - sk_X509_free(sk_untrusted); - goto memerr; - } - } + if (DANETLS_ENABLED(dane) && dane->certs != NULL + && !X509_add_certs(sk_untrusted, dane->certs, X509_ADD_FLAG_DEFAULT)) + goto memerr; /* * Still absurdly large, but arithmetically safe, a lower hard upper bound @@ -3306,14 +3303,15 @@ static int build_chain(X509_STORE_CTX *ctx) } int_err: - sk_X509_free(sk_untrusted); ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); ctx->error = X509_V_ERR_UNSPECIFIED; + sk_X509_free(sk_untrusted); return -1; memerr: ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; + sk_X509_free(sk_untrusted); return -1; } |