Fix possible leaks on sk_X509_EXTENSION_push() failure ... (1687aa76) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/x509v3/v3_lib.c

+18 −7

Original line number	Diff line number	Diff line
		@@ -54,6 +54,7 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
		X509V3_EXT_METHOD tmp;
		const X509V3_EXT_METHOD t = &tmp, const *ret;
		int idx;

		if (nid < 0)
		return NULL;
		tmp.ext_nid = nid;
		@@ -165,6 +166,7 @@ void X509V3_get_d2i(const STACK_OF(X509_EXTENSION) x, int nid, int *crit,
		{
		int lastpos, i;
		X509_EXTENSION ex, found_ex = NULL;

		if (!x) {
		if (idx)
		*idx = -1;
		@@ -218,9 +220,9 @@ void X509V3_get_d2i(const STACK_OF(X509_EXTENSION) x, int nid, int *crit,
		int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) *x, int nid, void value,
		int crit, unsigned long flags)
		{
		int extidx = -1;
		int errcode;
		X509_EXTENSION ext, extmp;
		int errcode, extidx = -1;
		X509_EXTENSION ext = NULL, extmp;
		STACK_OF(X509_EXTENSION) *ret = NULL;
		unsigned long ext_op = flags & X509V3_ADD_OP_MASK;

		/*
		@@ -279,14 +281,23 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) *x, int nid, void value,
		return 1;
		}

		ret = *x;
		if (*x == NULL
		&& (*x = sk_X509_EXTENSION_new_null()) == NULL)
		return -1;
		if (!sk_X509_EXTENSION_push(*x, ext))
		return -1;
		&& (ret = sk_X509_EXTENSION_new_null()) == NULL)
		goto m_fail;
		if (!sk_X509_EXTENSION_push(ret, ext))
		goto m_fail;

		*x = ret;
		return 1;

		m_fail:
		/* X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE); */
		if (ret != *x)
		sk_X509_EXTENSION_free(ret);
		X509_EXTENSION_free(ext);
		return -1;

		err:
		if (!(flags & X509V3_ADD_SILENT))
		X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);