diff options
author | Richard Levitte <levitte@openssl.org> | 2017-07-05 11:03:34 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-07-05 11:14:07 +0200 |
commit | 67f060acefae34d820ccdb2f560d86ed10633500 (patch) | |
tree | 0def3390a160407f79757d2270ec454a073cc97b /crypto/x509v3 | |
parent | efc21a513f1c5227cb56372fa65270f49d234b09 (diff) | |
download | openssl-67f060acefae34d820ccdb2f560d86ed10633500.zip openssl-67f060acefae34d820ccdb2f560d86ed10633500.tar.gz openssl-67f060acefae34d820ccdb2f560d86ed10633500.tar.bz2 |
Avoid possible memleak in X509_policy_check()
When tree_calculate_user_set() fails, a jump to error failed to
deallocate a possibly allocated |auth_nodes|.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3850)
Diffstat (limited to 'crypto/x509v3')
-rw-r--r-- | crypto/x509v3/pcy_tree.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 9f9246b..b3d1983 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -638,6 +638,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, { int init_ret; int ret; + int calc_ret; X509_POLICY_TREE *tree = NULL; STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; @@ -675,11 +676,14 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, } /* Tree is not empty: continue */ - if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 || - !tree_calculate_user_set(tree, policy_oids, auth_nodes)) + + if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0) goto error; - if (ret == TREE_CALC_OK_DOFREE) + ret = tree_calculate_user_set(tree, policy_oids, auth_nodes); + if (calc_ret == TREE_CALC_OK_DOFREE) sk_X509_POLICY_NODE_free(auth_nodes); + if (!ret) + goto error; *ptree = tree; |