Clear outputs in PKCS12_parse error handling.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4145)

diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 62f5d1ec17b975ad26fdeac65524bb6782d317b8..7ab98385a7b086990767c7ec4ffd6ee9401cddd5 100644 (file)
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -34,6 +34,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 {
     STACK_OF(X509) *ocerts = NULL;
     X509 *x = NULL;
+
+    if (pkey)
+        *pkey = NULL;
+    if (cert)
+        *cert = NULL;
+
     /* Check for NULL PKCS12 structure */
 
     if (!p12) {
@@ -42,11 +48,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
         return 0;
     }
 
-    if (pkey)
-        *pkey = NULL;
-    if (cert)
-        *cert = NULL;
-
     /* Check the mac */
 
     /*
@@ -75,7 +76,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
     if (!ocerts) {
         PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
-        return 0;
+        goto err;
     }
 
     if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
@@ -111,10 +112,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
  err:
 
-    if (pkey)
+    if (pkey) {
         EVP_PKEY_free(*pkey);
-    if (cert)
+        *pkey = NULL;
+    }
+    if (cert) {
         X509_free(*cert);
+        *cert = NULL;
+    }
     X509_free(x);
     sk_X509_pop_free(ocerts, X509_free);
     return 0;