From 02f730b34706150f8f40715d647cce3be5baf2ab Mon Sep 17 00:00:00 2001 From: mrpre Date: Sat, 2 Jul 2016 11:49:43 +0800 Subject: [PATCH] Cleanup after sk_push fail Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1281) --- crypto/x509/x_name.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index d5b12f1421..ebb66a1aef 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -173,12 +173,26 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { entry = sk_X509_NAME_ENTRY_value(entries, j); entry->set = i; - if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) + if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) { + /* + * Free all in entries if sk_X509_NAME_ENTRY_push return failure. + * X509_NAME_ENTRY_free will check the null entry. + */ + sk_X509_NAME_ENTRY_pop_free(entries, X509_NAME_ENTRY_free); goto err; + } + /* + * If sk_X509_NAME_ENTRY_push return success, clean the entries[j]. + * It's necessary when 'goto err;' happens. + */ + sk_X509_NAME_ENTRY_set(entries, j, NULL); } sk_X509_NAME_ENTRY_free(entries); + sk_STACK_OF_X509_NAME_ENTRY_set(intname.s, i, NULL); } + sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); + intname.s = NULL; ret = x509_name_canon(nm.x); if (!ret) goto err; @@ -186,8 +200,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, *val = nm.a; *in = p; return ret; + err: X509_NAME_free(nm.x); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, sk_X509_NAME_ENTRY_free); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } -- 2.25.1
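Review bot: The failure branch frees `entries` with `sk_X509_NAME_ENTRY_pop_free` but leaves the same pointer in `intname.s` at index `i`, because `sk_STACK_OF_X509_NAME_ENTRY_set(intname.s, i, NULL)` runs only after the inner loop finishes. The `err:` cleanup added in the second hunk then passes that stale pointer to `sk_X509_NAME_ENTRY_free`, which from the visible lines looks like a double free on the allocation-failure path. That matters here because `x509_name_ex_d2i` decodes encoded names, which usually come from outside the process. Clearing the slot before the jump closes it: add `sk_STACK_OF_X509_NAME_ENTRY_set(intname.s, i, NULL);` between the `pop_free` call and `goto err;`. The function body starts outside this hunk, so the declaration and initial value of `intname` should be checked as well.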
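Review bot: The callback passed to `sk_STACK_OF_X509_NAME_ENTRY_pop_free` at `err:` is `sk_X509_NAME_ENTRY_free`, which releases each inner stack but not the `X509_NAME_ENTRY` objects still stored in it, so sets the transfer loop never reached would leak their entries. The same would apply to any earlier `goto err` outside this hunk that fires once `intname.s` is populated. A wrapper that pop-frees each inner stack can serve as the callback, provided every slot whose stack was already released has been set to NULL in `intname.s` first. The helper name below is only a suggestion, and the function's start is outside the hunk, so confirm `intname.s` is NULL-initialised before the first jump to `err:`.

```c
/* Free one inner set together with any entries it still owns. */
static void name_entry_set_pop_free(STACK_OF(X509_NAME_ENTRY) *set)
{
    sk_X509_NAME_ENTRY_pop_free(set, X509_NAME_ENTRY_free);
}

/* … unchanged: success path up to the err label … */
 err:
    X509_NAME_free(nm.x);
    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, name_entry_set_pop_free);
```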