do_ext_i2d: free ext_der or ext_oct on error path

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index b570b6e592057eef4fd5c549fb271c33102f942f..6e9beeffed70c15752b1c3fa461928e1778b5fd9 100644 (file)
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -175,9 +175,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
                                  int crit, void *ext_struc)
        {
-       unsigned char *ext_der;
+       unsigned char *ext_der = NULL;
        int ext_len;
-       ASN1_OCTET_STRING *ext_oct;
+       ASN1_OCTET_STRING *ext_oct = NULL;
        X509_EXTENSION *ext;
        /* Convert internal representation to DER */
        if (method->it)
@@ -196,6 +196,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
                }
        if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
        ext_oct->data = ext_der;
+       ext_der = NULL;
        ext_oct->length = ext_len;
 
        ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
@@ -206,6 +207,10 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
 
        merr:
        X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
+       if (ext_der != NULL)
+               OPENSSL_free(ext_der);
+       if (ext_oct != NULL)
+               M_ASN1_OCTET_STRING_free(ext_oct);
        return NULL;
 
        }