Commit ca96d389 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

PR: 2251 

Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Memleak, BIO chain leak and realloc checks in v3_pci.c
parent 9f088669

crypto/x509v3/v3_pci.c

+27 −1
Original line number Diff line number Diff line
@@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val, 
			unsigned char *tmp_data2 =

				string_to_hex(val->value + 4, &val_len);



			if (!tmp_data2) goto err;

			if (!tmp_data2) 

				{

				X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);

				X509V3_conf_err(val);

				goto err;

				}



			tmp_data = OPENSSL_realloc((*policy)->data,

				(*policy)->length + val_len + 1);
@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val, 
				(*policy)->length += val_len;

				(*policy)->data[(*policy)->length] = '\0';

				}

			else

				{

				OPENSSL_free(tmp_data2);

				/* realloc failure implies the original data space is b0rked too! */

				(*policy)->data = NULL;

				(*policy)->length = 0;

				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);

				X509V3_conf_err(val);

				goto err;

				}

			OPENSSL_free(tmp_data2);

			}

		else if (strncmp(val->value, "file:", 5) == 0)

			{
@@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val, 
				(*policy)->length += n;

				(*policy)->data[(*policy)->length] = '\0';

				}

			BIO_free_all(b);



			if (n < 0)

				{
@@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val, 
				(*policy)->length += val_len;

				(*policy)->data[(*policy)->length] = '\0';

				}

			else

				{

				/* realloc failure implies the original data space is b0rked too! */

				(*policy)->data = NULL;

				(*policy)->length = 0;

				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);

				X509V3_conf_err(val);

				goto err;

				}

			}

		else

			{