process_pci_value: free (*policy)->data before setting to NULL after failed realloc
authorJonas Maebe <jonas.maebe@elis.ugent.be>
Sun, 8 Dec 2013 21:48:28 +0000 (22:48 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Sun, 17 Aug 2014 16:56:35 +0000 (18:56 +0200)
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/x509v3/v3_pci.c

index 0dcfa00..438cdfe 100644 (file)
@@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
                                {
                                OPENSSL_free(tmp_data2);
                                /* realloc failure implies the original data space is b0rked too! */
+                               OPENSSL_free((*policy)->data);
                                (*policy)->data = NULL;
                                (*policy)->length = 0;
                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
@@ -177,7 +178,15 @@ static int process_pci_value(CONF_VALUE *val,
                                        (*policy)->length + n + 1);
 
                                if (!tmp_data)
-                                       break;
+                               {
+                                       OPENSSL_free((*policy)->data);
+                                       (*policy)->data = NULL;
+                                       (*policy)->length = 0;
+                                       X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+                                       X509V3_conf_err(val);
+                                       BIO_free_all(b);
+                                       goto err;
+                               }
 
                                (*policy)->data = tmp_data;
                                memcpy(&(*policy)->data[(*policy)->length],
@@ -210,6 +219,7 @@ static int process_pci_value(CONF_VALUE *val,
                        else
                                {
                                /* realloc failure implies the original data space is b0rked too! */
+                               OPENSSL_free((*policy)->data);
                                (*policy)->data = NULL;
                                (*policy)->length = 0;
                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);