fix potential memory leak + improved error checking

PR: 1182

diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 0d554f3a2c97f81b8595b186d033b8aa88ec2c5e..867525f336a19b00d250bc1484434ee27605f730 100644 (file)
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -137,7 +137,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
        CONF_VALUE *cnf;
        int i, ia5org;
        pols = sk_POLICYINFO_new_null();
+       if (pols == NULL) {
+               X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
        vals =  X509V3_parse_list(value);
+       if (vals == NULL) {
+               X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+               goto err;
+       }
        ia5org = 0;
        for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
                cnf = sk_CONF_VALUE_value(vals, i);
@@ -176,6 +184,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
        return pols;
        err:
+       sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
        sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
        return NULL;
 }