Fix two leaks in X509_REQ_to_X509 (0517538d) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/x509/x509_r2x.c

+14 −4

Original line number	Diff line number	Diff line
		@@ -70,10 +70,11 @@ X509 X509_REQ_to_X509(X509_REQ r, int days, EVP_PKEY *pkey)
		X509 *ret = NULL;
		X509_CINF *xi = NULL;
		X509_NAME *xn;
		EVP_PKEY *pubkey = NULL;

		if ((ret = X509_new()) == NULL) {
		X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
		goto err;
		return NULL;
		}

		/* duplicate the request */
		@@ -89,9 +90,9 @@ X509 X509_REQ_to_X509(X509_REQ r, int days, EVP_PKEY *pkey)
		}

		xn = X509_REQ_get_subject_name(r);
		if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
		if (X509_set_subject_name(ret, xn) == 0)
		goto err;
		if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
		if (X509_set_issuer_name(ret, xn) == 0)
		goto err;

		if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL)
		@@ -100,12 +101,21 @@ X509 X509_REQ_to_X509(X509_REQ r, int days, EVP_PKEY *pkey)
		NULL)
		goto err;

		X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
		pubkey = X509_REQ_get_pubkey(r);
		if (pubkey == NULL)
		goto err;

		if (!X509_set_pubkey(ret, pubkey))
		goto err_pkey;

		EVP_PKEY_free(pubkey);

		if (!X509_sign(ret, pkey, EVP_md5()))
		goto err;
		return ret;

		err_pkey:
		EVP_PKEY_free(pubkey);
		err:
		X509_free(ret);
		return NULL;