projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f08e803)
Don't leak resource on error in OCSP_url_svcloc_new
authorMatt Caswell <matt@openssl.org>
Wed, 27 Apr 2016 12:40:52 +0000 (13:40 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 28 Apr 2016 12:13:09 +0000 (13:13 +0100)
On error we could leak a ACCESS_DESCRIPTION and an ASN1_IA5STRING. Both
should be freed in the error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/ocsp/ocsp_ext.c patch | blob | history

diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 854da8e5c07591031262c742d0578c057505a476..030ddf9dccd05d61044f01f8031eb6d09133dcde 100644 (file)
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -509,12 +509,16 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
             goto err;
         ad->location->type = GEN_URI;
         ad->location->d.ia5 = ia5;
+        ia5 = NULL;
         if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
             goto err;
+        ad = NULL;
         urls++;
     }
     x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
  err:
+    ASN1_IA5STRING_free(ia5);
+    ACCESS_DESCRIPTION_free(ad);
     OCSP_SERVICELOC_free(sloc);
     return x;
 }
Unnamed repository; edit this file 'description' to name the repository.