Commit a7276279 authored by Bernd Edlinger's avatar Bernd Edlinger
Browse files

Fix a memory leak with di2_X509_CRL reuse 



Additionally avoid undefined behavior with
in-place memcpy in X509_CRL_digest.

Fixes #8099

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8112)
parent 62b563b9

crypto/x509/x_crl.c

+12 −0
Original line number Diff line number Diff line
@@ -158,6 +158,18 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 
    int idx;



    switch (operation) {

    case ASN1_OP_D2I_PRE:

        if (crl->meth->crl_free) {

            if (!crl->meth->crl_free(crl))

                return 0;

        }

        AUTHORITY_KEYID_free(crl->akid);

        ISSUING_DIST_POINT_free(crl->idp);

        ASN1_INTEGER_free(crl->crl_number);

        ASN1_INTEGER_free(crl->base_crl_number);

        sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);

        /* fall thru */



    case ASN1_OP_NEW_POST:

        crl->idp = NULL;

        crl->akid = NULL;

test/crltest.c

+15 −0
Original line number Diff line number Diff line
@@ -357,6 +357,20 @@ static int test_unknown_critical_crl(int n) 
    return r;

}



static int test_reuse_crl(void)

{

    X509_CRL *reused_crl = CRL_from_strings(kBasicCRL);

    char *p;

    BIO *b = glue2bio(kRevokedCRL, &p);



    reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL);



    OPENSSL_free(p);

    BIO_free(b);

    X509_CRL_free(reused_crl);

    return 1;

}



int setup_tests(void)

{

    if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
@@ -368,6 +382,7 @@ int setup_tests(void) 
    ADD_TEST(test_bad_issuer_crl);

    ADD_TEST(test_known_critical_crl);

    ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));

    ADD_TEST(test_reuse_crl);

    return 1;

}