X509V3_EXT_add_nconf_sk, X509v3_add_ext: fix errors handling

X509v3_add_ext: free 'sk' if the memory pointed to by it was malloc-ed inside this function. X509V3_EXT_add_nconf_sk: return an error if X509v3_add_ext() fails. This prevents use of a freed memory in do_body:sk_X509_EXTENSION_num(). Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4896)
author: Pavel Kopyl <p.kopyl@samsung.com> 2017-12-10 22:49:42 +0300
committer: Matt Caswell <matt@openssl.org> 2018-02-21 12:28:56 +0000
commit: becdc13fd87052058c87dd0ee3894345617085b8 (patch)
tree: be139923ef8754414485303b1e35c68142b2368c /crypto/x509v3
parent: cb7503750efc02c64cdb7167dee692e47c44c6e9 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index c1b4c1a89f..c984aa0d38 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -340,8 +340,12 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
         val = sk_CONF_VALUE_value(nval, i);
         if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
             return 0;
-        if (sk)
-            X509v3_add_ext(sk, ext, -1);
+        if (sk != NULL) {
+            if (X509v3_add_ext(sk, ext, -1) == NULL) {
+                X509_EXTENSION_free(ext);
+                return 0;
+            }
+        }
         X509_EXTENSION_free(ext);
     }
     return 1;
author	Pavel Kopyl <p.kopyl@samsung.com>	2017-12-10 22:49:42 +0300
committer	Matt Caswell <matt@openssl.org>	2018-02-21 12:28:56 +0000
commit	becdc13fd87052058c87dd0ee3894345617085b8 (patch)
tree	be139923ef8754414485303b1e35c68142b2368c /crypto/x509v3
parent	cb7503750efc02c64cdb7167dee692e47c44c6e9 (diff)