Commit 8ec5c5dd authored by Kurt Roeckx's avatar Kurt Roeckx
Browse files

do_dirname: Don't change gen on failures 



It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section
failed.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent f49baeff

crypto/x509v3/v3_alt.c

+10 −8
Original line number Diff line number Diff line
@@ -586,24 +586,26 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) 


static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)

{

    int ret;

    STACK_OF(CONF_VALUE) *sk;

    X509_NAME *nm;

    int ret = 0;

    STACK_OF(CONF_VALUE) *sk = NULL;

    X509_NAME *nm = NULL;

    if (!(nm = X509_NAME_new()))

        return 0;

        goto err;

    sk = X509V3_get_section(ctx, value);

    if (!sk) {

        X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);

        ERR_add_error_data(2, "section=", value);

        X509_NAME_free(nm);

        return 0;

        goto err;

    }

    /* FIXME: should allow other character types... */

    ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);

    if (!ret)

        X509_NAME_free(nm);

        goto err;

    gen->d.dirn = nm;

    X509V3_section_free(ctx, sk);



err:

    if (ret == 0)

        X509_NAME_free(nm);

    X509V3_section_free(ctx, sk);

    return ret;

}