Fix: some patches related to error exiting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17417)

diff --git a/apps/verify.c b/apps/verify.c
index 24bbebf3f399f215f0fe98408f21479eaaa4f794..d504acd5b81ac04f4662594175ec76b8162ed6b6 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -263,6 +263,7 @@ static int check(X509_STORE *ctx, const char *file,
             if (x509_ctrl_string(x, opt) <= 0) {
                 BIO_printf(bio_err, "parameter error \"%s\"\n", opt);
                 ERR_print_errors(bio_err);
+                X509_free(x);
                 return 0;
             }
         }

diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 3d3cf9696204fb6deddbbb23b2275531378e1c33..2d85d4f23a2d888805d36480a86d55d66f9950e9 100644 (file)
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1710,8 +1710,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
         ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
         if (ptmp != NULL
             && !ossl_ec_encoding_param2id(ptmp, &encoding_flag)) {
-            ECerr(0, EC_R_INVALID_ENCODING);
-            return 0;
+            ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+            goto err;
         }
         if (encoding_flag == OPENSSL_EC_NAMED_CURVE) {
             ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index eef80d63ce43825d776825c6fab5dcb9cc50f348..26d2508e86d4a7d0fa0f17ddacc243553ef8bb87 100644 (file)
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -747,16 +747,17 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
     if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
             || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
         ERR_raise(ERR_LIB_OBJ, OBJ_R_OID_EXISTS);
-        goto err;
+        return 0;
     }
 
     /* Convert numerical OID string to an ASN1_OBJECT structure */
     tmpoid = OBJ_txt2obj(oid, 1);
     if (tmpoid == NULL)
-        goto err;
+        return 0;
 
     if (!ossl_obj_write_lock(1)) {
         ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
+        ASN1_OBJECT_free(tmpoid);
         return 0;
     }
 

diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index b831f775db42859a84075b648eaca2e0f4b7e252..0f239ca5682f2e746ae16b25575e27465ff49b8a 100644 (file)
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -83,6 +83,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
             return -1;
         dnsect = X509V3_get_section(ctx, cnf->value);
         if (!dnsect) {
+            X509_NAME_free(nm);
             ERR_raise(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND);
             return -1;
         }

diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c
index 4b19ce07d5389a86cf5bbcf158944a93a49f7480..9d4113386aec193a2d325392f9bb01e315afdeef 100644 (file)
--- a/crypto/x509/v3_sxnet.c
+++ b/crypto/x509/v3_sxnet.c
@@ -167,11 +167,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
             goto err;
         if (!ASN1_INTEGER_set(sx->version, 0))
             goto err;
-        *psx = sx;
     } else
         sx = *psx;
     if (SXNET_get_id_INTEGER(sx, zone)) {
         ERR_raise(ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID);
+        if (*psx == NULL)
+            SXNET_free(sx);
         return 0;
     }
 
@@ -183,13 +184,14 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
     if (!sk_SXNETID_push(sx->ids, id))
         goto err;
     id->zone = zone;
+    *psx = sx;
     return 1;
 
  err:
     ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
     SXNETID_free(id);
-    SXNET_free(sx);
-    *psx = NULL;
+    if (*psx == NULL)
+        SXNET_free(sx);
     return 0;
 }
 

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index b7e40e6db82185346bb49f7aa53e545bd3241fd9..05f915bd91333bb1ea5356a14675b341de7b9534 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2926,7 +2926,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
     encoded_pub_len = EVP_PKEY_get1_encoded_public_key(ckey, &encoded_pub);
     if (encoded_pub_len == 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-        EVP_PKEY_free(skey);
+        EVP_PKEY_free(ckey);
         return EXT_RETURN_FAIL;
     }
 

diff --git a/test/evp_test.c b/test/evp_test.c
index 6ae862b04403a20e6c467f3f46ea7c261d35cb10..d068d6fa8e84180ede1e2e677e73cf6a8409cf1f 100644 (file)
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2510,7 +2510,7 @@ static int rand_test_run(EVP_TEST *t)
                             item->pr_entropyB_len);
             params[1] = OSSL_PARAM_construct_end();
             if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
-                return 0;
+                goto err;
         }
         if (!TEST_true(EVP_RAND_generate
                            (expected->ctx, got, got_len,