Partly fixes #13754
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13755)
X509 *d2i_X509(X509 **a, const unsigned char **in, long len)
{
X509 *cert = NULL;
+ int free_on_error = a != NULL && *a == NULL;
cert = (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (X509_it()));
/* Only cache the extensions if the cert object was passed in */
if (cert != NULL && a != NULL) {
- if (!x509v3_cache_extensions(cert))
+ if (!x509v3_cache_extensions(cert)) {
+ if (free_on_error)
+ X509_free(cert);
cert = NULL;
+ }
}
return cert;
}