Commit 75a3e392 authored by Matt Caswell's avatar Matt Caswell

Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME



Fixes #1653 reported by Guido Vranken

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3362)
parent 33564cb7
+21 −11
@@ -70,32 +70,39 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
    int i;
    switch (gen->type) {
    case GEN_OTHERNAME:
        X509V3_add_value("othername", "<unsupported>", &ret);
        if (!X509V3_add_value("othername", "<unsupported>", &ret))
            return NULL;
        break;

    case GEN_X400:
        X509V3_add_value("X400Name", "<unsupported>", &ret);
        if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
            return NULL;
        break;

    case GEN_EDIPARTY:
        X509V3_add_value("EdiPartyName", "<unsupported>", &ret);
        if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
            return NULL;
        break;

    case GEN_EMAIL:
        X509V3_add_value_uchar("email", gen->d.ia5->data, &ret);
        if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
            return NULL;
        break;

    case GEN_DNS:
        X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret);
        if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
            return NULL;
        break;

    case GEN_URI:
        X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret);
        if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
            return NULL;
        break;

    case GEN_DIRNAME:
        X509_NAME_oneline(gen->d.dirn, oline, 256);
        X509V3_add_value("DirName", oline, &ret);
        if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL
                || !X509V3_add_value("DirName", oline, &ret))
            return NULL;
        break;

    case GEN_IPADD:
@@ -113,15 +120,18 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                    strcat(oline, ":");
            }
        } else {
            X509V3_add_value("IP Address", "<invalid>", &ret);
            if (!X509V3_add_value("IP Address", "<invalid>", &ret))
                return NULL;
            break;
        }
        X509V3_add_value("IP Address", oline, &ret);
        if (!X509V3_add_value("IP Address", oline, &ret))
            return NULL;
        break;

    case GEN_RID:
        i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
        X509V3_add_value("Registered ID", oline, &ret);
        if (!X509V3_add_value("Registered ID", oline, &ret))
            return NULL;
        break;
    }
    return ret;
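Review bot: The `GEN_EMAIL`, `GEN_DNS` and `GEN_URI` cases still pass `gen->d.ia5->data` to `X509V3_add_value_uchar` with no length, so the value is presumably read as a C string up to the first NUL rather than up to the string's `length` field. For names decoded from a certificate, an embedded NUL could then truncate the printed name and an unterminated buffer could be read past its end; the new return-value checks do not cover either case. Until a length-aware add helper is used here, I would record the assumption above the three cases: `/* assumes gen->d.ia5->data is NUL-terminated; gen->d.ia5->length is not consulted */`. Separately, `GEN_RID` still ignores the result of `i2t_ASN1_OBJECT`, while `GEN_DIRNAME` now checks `X509_NAME_oneline`. The function's signature and the declaration of `oline` lie outside the hunks shown.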
+22 −15
@@ -58,29 +58,30 @@ ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)

IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)

static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
                                                       *method, AUTHORITY_INFO_ACCESS
                                                       *ainfo, STACK_OF(CONF_VALUE)
                                                       *ret)
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
    X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
    STACK_OF(CONF_VALUE) *ret)
{
    ACCESS_DESCRIPTION *desc;
    int i, nlen;
    char objtmp[80], *ntmp;
    CONF_VALUE *vtmp;
    STACK_OF(CONF_VALUE) *tret = ret;

    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
        STACK_OF(CONF_VALUE) *tmp;

        desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
        ret = i2v_GENERAL_NAME(method, desc->location, ret);
        if (!ret)
            break;
        vtmp = sk_CONF_VALUE_value(ret, i);
        tmp = i2v_GENERAL_NAME(method, desc->location, tret);
        if (tmp == NULL)
            goto err;
        tret = tmp;
        vtmp = sk_CONF_VALUE_value(tret, i);
        i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
        nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
        ntmp = OPENSSL_malloc(nlen);
        if (ntmp == NULL) {
            X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
                      ERR_R_MALLOC_FAILURE);
            return NULL;
        }
        if (ntmp == NULL)
            goto err;
        OPENSSL_strlcpy(ntmp, objtmp, nlen);
        OPENSSL_strlcat(ntmp, " - ", nlen);
        OPENSSL_strlcat(ntmp, vtmp->name, nlen);
@@ -88,9 +89,15 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
        vtmp->name = ntmp;

    }
    if (!ret)
    if (ret == NULL && tret == NULL)
        return sk_CONF_VALUE_new_null();
    return ret;

    return tret;
 err:
    X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
    if (ret == NULL && tret != NULL)
        sk_CONF_VALUE_pop_free(tret, X509V3_conf_free);
    return NULL;
}

static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
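Review bot: `vtmp = sk_CONF_VALUE_value(tret, i)` is dereferenced on the `strlen(vtmp->name)` line without a NULL check, and the index `i` only identifies the value just appended if the list was empty on entry and every `i2v_GENERAL_NAME` call appended exactly one entry. The `switch` shown for `i2v_GENERAL_NAME` has no `default` case, so a call that appends nothing would, as far as this page shows, leave `tret` one entry short and the lookup would return NULL. With a non-empty caller `ret`, the lookup would instead land on one of the caller's own entries. I would add `if (vtmp == NULL) goto err;` directly after the lookup, plus a comment such as `/* index i assumes ret was NULL or empty on entry */`. Note that `err` records `ERR_R_MALLOC_FAILURE` on every path, so a non-allocation failure would be reported as out-of-memory.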