Commit b3b966fb authored by Jonas Maebe's avatar Jonas Maebe Committed by Kurt Roeckx
Browse files

ssl_cert_dup: Fix memory leak 



Always use goto err on failure and call ssl_cert_free() on the error path so all
fields and "ret" itself are freed

Signed-off-by: default avatarKurt Roeckx <kurt@roeckx.be>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 6c42b39c

ssl/ssl_cert.c

+2 −22
Original line number Original line Diff line number Diff line
@@ -315,7 +315,7 @@ CERT *ssl_cert_dup(CERT *cert) 
			if (ret->pkeys[i].serverinfo == NULL)

			if (ret->pkeys[i].serverinfo == NULL)

				{

				{

				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);

				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);

				return NULL;

				goto err;

				}

				}

			ret->pkeys[i].serverinfo_length =

			ret->pkeys[i].serverinfo_length =

				cert->pkeys[i].serverinfo_length;

				cert->pkeys[i].serverinfo_length;
@@ -403,28 +403,8 @@ CERT *ssl_cert_dup(CERT *cert) 




	return(ret);

	return(ret);

	

	

#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)

err:

err:

#endif

	ssl_cert_free(ret);

#ifndef OPENSSL_NO_RSA

	if (ret->rsa_tmp != NULL)

		RSA_free(ret->rsa_tmp);

#endif

#ifndef OPENSSL_NO_DH

	if (ret->dh_tmp != NULL)

		DH_free(ret->dh_tmp);

#endif

#ifndef OPENSSL_NO_ECDH

	if (ret->ecdh_tmp != NULL)

		EC_KEY_free(ret->ecdh_tmp);

#endif



#ifndef OPENSSL_NO_TLSEXT

	custom_exts_free(&ret->cli_ext);

	custom_exts_free(&ret->srv_ext);

#endif



	ssl_cert_clear_certs(ret);





	return NULL;

	return NULL;

	}

	}