Fix an error path leak in do_ext_nconf()

Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-06-10 15:30:09 +0100
committer: Matt Caswell <matt@openssl.org> 2016-06-10 16:42:05 +0100
commit: 8605abf13523579ecab8b1f2a4bcb8354d94af79 (patch)
tree: 17e3211d124083c477af4f2b440c0d7b6fd2bf31 /crypto/x509v3/v3_conf.c
parent: e68a780ed698cd7839d38bf3851974fc1d23e00d (diff)
download: openssl-8605abf13523579ecab8b1f2a4bcb8354d94af79.zip
openssl-8605abf13523579ecab8b1f2a4bcb8354d94af79.tar.gz
openssl-8605abf13523579ecab8b1f2a4bcb8354d94af79.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index bc06e31..4e118c1 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -88,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
             nval = NCONF_get_section(conf, value + 1);
         else
             nval = X509V3_parse_list(value);
-        if (sk_CONF_VALUE_num(nval) <= 0) {
+        if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
             X509V3err(X509V3_F_DO_EXT_NCONF,
                       X509V3_R_INVALID_EXTENSION_STRING);
             ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
                                value);
+            if (*value != '@')
+                sk_CONF_VALUE_free(nval);
             return NULL;
         }
         ext_struc = method->v2i(method, ctx, nval);
author	Matt Caswell <matt@openssl.org>	2016-06-10 15:30:09 +0100
committer	Matt Caswell <matt@openssl.org>	2016-06-10 16:42:05 +0100
commit	8605abf13523579ecab8b1f2a4bcb8354d94af79 (patch)
tree	17e3211d124083c477af4f2b440c0d7b6fd2bf31 /crypto/x509v3/v3_conf.c
parent	e68a780ed698cd7839d38bf3851974fc1d23e00d (diff)
download	openssl-8605abf13523579ecab8b1f2a4bcb8354d94af79.zip openssl-8605abf13523579ecab8b1f2a4bcb8354d94af79.tar.gz openssl-8605abf13523579ecab8b1f2a4bcb8354d94af79.tar.bz2