From ca0a7a9a4ebe9bb0f646930262f43372fa73254c Mon Sep 17 00:00:00 2001 From: Todd Short Date: Fri, 17 Feb 2017 11:36:13 -0500 Subject: [PATCH] Fix potential memory leak in ASN1_TIME_to_generalizedtime() If ret is allocated, it may be leaked on error. Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2666) (cherry picked from commit 4483e23444fa18034344874ffbe67919207e9e47) --- crypto/asn1/a_time.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 3f82c2bc31..db82d297d2 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -62,7 +62,7 @@ int ASN1_TIME_check(const ASN1_TIME *t) ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { - ASN1_GENERALIZEDTIME *ret; + ASN1_GENERALIZEDTIME *ret = NULL; char *str; int newlen; @@ -71,22 +71,20 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, if (out == NULL || *out == NULL) { if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL) - return NULL; - if (out) - *out = ret; + goto err; } else ret = *out; /* If already GeneralizedTime just copy across */ if (t->type == V_ASN1_GENERALIZEDTIME) { if (!ASN1_STRING_set(ret, t->data, t->length)) - return NULL; - return ret; + goto err; + goto done; } /* grow the string */ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - return NULL; + goto err; /* ASN1_STRING_set() allocated 'len + 1' bytes. */ newlen = t->length + 2 + 1; str = (char *)ret->data; @@ -96,11 +94,20 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, else OPENSSL_strlcpy(str, "20", newlen); - OPENSSL_strlcat(str, (char *)t->data, newlen); + OPENSSL_strlcat(str, (const char *)t->data, newlen); - return ret; + done: + if (out != NULL && *out == NULL) + *out = ret; + return ret; + + err: + if (out == NULL || *out != ret) + ASN1_GENERALIZEDTIME_free(ret); + return NULL; } + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { ASN1_TIME t; -- 2.25.1