wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Avoid possible memleak in X509_policy_check()

Browse source 
When tree_calculate_user_set() fails, a jump to error failed to
deallocate a possibly allocated |auth_nodes|.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3850)
This commit is contained in:
Richard Levitte 2017-07-05 11:03:34 +02:00
parent efc21a513f
commit 67f060acef
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
crypto/x509v3/pcy_tree.c
View file

@ -638,6 +638,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
{
int init_ret;
int ret;
int calc_ret;
X509_POLICY_TREE *tree = NULL;
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
@ -675,11 +676,14 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
}
/* Tree is not empty: continue */
if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 ||
!tree_calculate_user_set(tree, policy_oids, auth_nodes))
if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0)
goto error;
if (ret == TREE_CALC_OK_DOFREE)
ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
if (calc_ret == TREE_CALC_OK_DOFREE)
sk_X509_POLICY_NODE_free(auth_nodes);
if (!ret)
goto error;
*ptree = tree;