do_dirname: Don't change gen on failures
It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section failed. Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
f49baeff50
commit
8ec5c5dd36
1 changed files with 10 additions and 8 deletions
|
@ -586,24 +586,26 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
|||
|
||||
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
||||
{
|
||||
int ret;
|
||||
STACK_OF(CONF_VALUE) *sk;
|
||||
X509_NAME *nm;
|
||||
int ret = 0;
|
||||
STACK_OF(CONF_VALUE) *sk = NULL;
|
||||
X509_NAME *nm = NULL;
|
||||
if (!(nm = X509_NAME_new()))
|
||||
return 0;
|
||||
goto err;
|
||||
sk = X509V3_get_section(ctx, value);
|
||||
if (!sk) {
|
||||
X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
|
||||
ERR_add_error_data(2, "section=", value);
|
||||
X509_NAME_free(nm);
|
||||
return 0;
|
||||
goto err;
|
||||
}
|
||||
/* FIXME: should allow other character types... */
|
||||
ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
|
||||
if (!ret)
|
||||
X509_NAME_free(nm);
|
||||
goto err;
|
||||
gen->d.dirn = nm;
|
||||
X509V3_section_free(ctx, sk);
|
||||
|
||||
err:
|
||||
if (ret == 0)
|
||||
X509_NAME_free(nm);
|
||||
X509V3_section_free(ctx, sk);
|
||||
return ret;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue