Fix some resource leaks in the apps

Reviewed-by: Tim Hudson <tjh@openssl.org>

diff --git a/apps/cms.c b/apps/cms.c
index 52186d2c03ad31de23a4bba8242da13f711d7f24..9c41a97ec52f9a8bad1ddc45d90cfea47487669e 100644 (file)
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -412,6 +412,11 @@ int cms_main(int argc, char **argv)
             noout = print = 1;
             break;
         case OPT_SECRETKEY:
+            if (secret_key != NULL) {
+                /* Cannot be supplied twice */
+                BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
+                goto opthelp;
+            }
             secret_key = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
             if (secret_key == NULL) {
                 BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
@@ -420,6 +425,11 @@ int cms_main(int argc, char **argv)
             secret_keylen = (size_t)ltmp;
             break;
         case OPT_SECRETKEYID:
+            if (secret_keyid != NULL) {
+                /* Cannot be supplied twice */
+                BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
+                goto opthelp;
+            }
             secret_keyid = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
             if (secret_keyid == NULL) {
                 BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
@@ -431,6 +441,11 @@ int cms_main(int argc, char **argv)
             pwri_pass = (unsigned char *)opt_arg();
             break;
         case OPT_ECONTENT_TYPE:
+            if (econtent_type != NULL) {
+                /* Cannot be supplied twice */
+                BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());
+                goto opthelp;
+            }
             econtent_type = OBJ_txt2obj(opt_arg(), 0);
             if (econtent_type == NULL) {
                 BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());

diff --git a/apps/req.c b/apps/req.c
index 26661245464c6ca9bea16d233091d270e6f1549b..fb37f7dfecbfa377bf4c7d27095707053dff9637 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -295,6 +295,10 @@ int req_main(int argc, char **argv)
             days = atoi(opt_arg());
             break;
         case OPT_SET_SERIAL:
+            if (serial != NULL) {
+                /* Cannot be supplied twice */
+                goto opthelp;
+            }
             serial = s2i_ASN1_INTEGER(NULL, opt_arg());
             if (serial == NULL)
                 goto opthelp;

diff --git a/apps/spkac.c b/apps/spkac.c
index b6fc46dfc26f80329aab8012b4bac7d3a8a16b2b..a365406d7a593182b16a2da9771f9446a1c7eef3 100644 (file)
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -130,8 +130,10 @@ int spkac_main(int argc, char **argv)
         spkstr = NETSCAPE_SPKI_b64_encode(spki);
 
         out = bio_open_default(outfile, 'w', FORMAT_TEXT);
-        if (out == NULL)
+        if (out == NULL) {
+            OPENSSL_free(spkstr);
             goto end;
+        }
         BIO_printf(out, "SPKAC=%s\n", spkstr);
         OPENSSL_free(spkstr);
         ret = 0;

diff --git a/apps/x509.c b/apps/x509.c
index 05aa5547cd9f34243eb1c4e2d7d62a6510326b43..9e5101259f158bf67920e3bced7b77d407641e64 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -261,6 +261,10 @@ int x509_main(int argc, char **argv)
             CAserial = opt_arg();
             break;
         case OPT_SET_SERIAL:
+            if (sno != NULL) {
+                /* Cannot be supplied twice */
+                goto opthelp;
+            }
             if ((sno = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL)
                 goto opthelp;
             break;