projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6493e48)
Don't leak X509_OBJECT in an error path
authorMatt Caswell <matt@openssl.org>
Tue, 26 Apr 2016 17:25:39 +0000 (18:25 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 1 Jun 2016 13:51:36 +0000 (14:51 +0100)
Swap the ordering of some code to avoid a leak in an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
apps/s_server.c patch | blob | history

diff --git a/apps/s_server.c b/apps/s_server.c
index 08753c30fdb337acc144fbf9f75f48f033debd37..c998fcdebcc17d48ab4f35986660aea997a7ca7f 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -576,13 +576,13 @@ static int cert_status_cb(SSL *s, void *arg)
         BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
         goto done;
     }
-    req = OCSP_REQUEST_new();
-    if (req == NULL)
-        goto err;
     id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
     X509_OBJECT_free(obj);
     if (!id)
         goto err;
+    req = OCSP_REQUEST_new();
+    if (req == NULL)
+        goto err;
     if (!OCSP_request_add0_id(req, id))
         goto err;
     id = NULL;
Unnamed repository; edit this file 'description' to name the repository.