Commit 5ee289ea authored Jan 25, 2017 by Matt Caswell

Fix memory leaks in the Certificate extensions code



After collecting extensions we must free them again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2284)

parent 0fe2a0af

ssl/statem/statem_clnt.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -1425,9 +1425,12 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL s, PACKET pkt)
		if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE,
		&rawexts, &al)
		\|\| !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE,
		rawexts, x, chainidx, &al))
		rawexts, x, chainidx, &al)) {
		OPENSSL_free(rawexts);
		goto f_err;
		}
		OPENSSL_free(rawexts);
		}

		if (!sk_X509_push(sk, x)) {
		SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);

ssl/statem/statem_srvr.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -3061,9 +3061,12 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL s, PACKET pkt)
		if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE,
		&rawexts, &al)
		\|\| !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE,
		rawexts, x, chainidx, &al))
		rawexts, x, chainidx, &al)) {
		OPENSSL_free(rawexts);
		goto f_err;
		}
		OPENSSL_free(rawexts);
		}

		if (!sk_X509_push(sk, x)) {
		SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);