diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2024-03-27 18:15:29 -0400 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-08 10:53:54 +0200 |
commit | 7cbca5a6d6e792c75c414e1f3fb22e2afae67988 (patch) | |
tree | e7ecea98b1a98a06cced60ee4bee06695632e3f8 /test | |
parent | deaa83af700113c99835a1db7d45d33baba05bd3 (diff) | |
download | openssl-7cbca5a6d6e792c75c414e1f3fb22e2afae67988.zip openssl-7cbca5a6d6e792c75c414e1f3fb22e2afae67988.tar.gz openssl-7cbca5a6d6e792c75c414e1f3fb22e2afae67988.tar.bz2 |
Avoid memory leak in x509_test error path
Fixes #23897
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23991)
Diffstat (limited to 'test')
-rw-r--r-- | test/v3ext.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/test/v3ext.c b/test/v3ext.c index 3cd6ee6..5ebdef2 100644 --- a/test/v3ext.c +++ b/test/v3ext.c @@ -269,17 +269,20 @@ static int test_addr_fam_len(void) goto end; if (!ASN1_OCTET_STRING_set(f1->addressFamily, key, keylen)) goto end; + + /* Push and transfer memory ownership to stack */ if (!sk_IPAddressFamily_push(addr, f1)) goto end; + f1 = NULL; /* Shouldn't be able to canonize this as the len is > 3*/ if (!TEST_false(X509v3_addr_canonize(addr))) goto end; - /* Create a well formed IPAddressFamily */ - f1 = sk_IPAddressFamily_pop(addr); - IPAddressFamily_free(f1); + /* Pop and free the new stack element */ + IPAddressFamily_free(sk_IPAddressFamily_pop(addr)); + /* Create a well-formed IPAddressFamily */ key[0] = (afi >> 8) & 0xFF; key[1] = afi & 0xFF; key[2] = 0x1; @@ -297,8 +300,11 @@ static int test_addr_fam_len(void) /* Mark this as inheritance so we skip some of the is_canonize checks */ f1->ipAddressChoice->type = IPAddressChoice_inherit; + + /* Push and transfer memory ownership to stack */ if (!sk_IPAddressFamily_push(addr, f1)) goto end; + f1 = NULL; /* Should be able to canonize now */ if (!TEST_true(X509v3_addr_canonize(addr))) @@ -306,7 +312,10 @@ static int test_addr_fam_len(void) testresult = 1; end: + /* Free stack and any memory owned by detached element */ + IPAddressFamily_free(f1); sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); + ASN1_OCTET_STRING_free(ip1); ASN1_OCTET_STRING_free(ip2); return testresult; |