PR: 627
authorDr. Stephen Henson <steve@openssl.org>
Wed, 28 May 2003 17:28:11 +0000 (17:28 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 28 May 2003 17:28:11 +0000 (17:28 +0000)
Allocate certificatePolicies correctly if CPS field is absent.

Fix various memory leaks in certificatePolicies.

crypto/x509v3/v3_cpols.c

index 0d4ab1f..0d554f3 100644 (file)
@@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
                                 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                        STACK_OF(CONF_VALUE) *unot, int ia5org);
-static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
 
 X509V3_EXT_METHOD v3_cpols = {
 NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
                        qual = notice_section(ctx, unot, ia5org);
                        X509V3_section_free(ctx, unot);
                        if(!qual) goto err;
+                       if(!pol->qualifiers) pol->qualifiers =
+                                                sk_POLICYQUALINFO_new_null();
                        if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
                                                                 goto merr;
                } else {
@@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                        STACK_OF(CONF_VALUE) *unot, int ia5org)
 {
-       int i;
+       int i, ret;
        CONF_VALUE *cnf;
        USERNOTICE *not;
        POLICYQUALINFO *qual;
@@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                if(!(nref = NOTICEREF_new())) goto merr;
                                not->noticeref = nref;
                        } else nref = not->noticeref;
-                       if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
-                       else nref->organization = M_ASN1_VISIBLESTRING_new();
+                       if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
+                       else nref->organization->type = V_ASN1_VISIBLESTRING;
                        if(!ASN1_STRING_set(nref->organization, cnf->value,
                                                 strlen(cnf->value))) goto merr;
                } else if(!strcmp(cnf->name, "noticeNumbers")) {
@@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                X509V3_conf_err(cnf);
                                goto err;
                        }
-                       nref->noticenos = nref_nos(nos);
+                       ret = nref_nos(nref->noticenos, nos);
                        sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
-                       if(!nref->noticenos) goto err;
+                       if (!ret)
+                               goto err;
                } else {
                        X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
-
                        X509V3_conf_err(cnf);
                        goto err;
                }
@@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
        return NULL;
 }
 
-static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
 {
-       STACK_OF(ASN1_INTEGER) *nnums;
        CONF_VALUE *cnf;
        ASN1_INTEGER *aint;
 
        int i;
 
-       if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
        for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
                cnf = sk_CONF_VALUE_value(nos, i);
                if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
@@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
                }
                if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
        }
-       return nnums;
+       return 1;
 
        merr:
        X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
 
        err:
        sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
-       return NULL;
+       return 0;
 }