Fix an error path leak in do_ext_nconf()

author Matt Caswell <matt@openssl.org>

Fri, 10 Jun 2016 14:30:09 +0000 (15:30 +0100)

committer Matt Caswell <matt@openssl.org>

Fri, 10 Jun 2016 15:42:05 +0000 (16:42 +0100)
author Matt Caswell <matt@openssl.org>
Fri, 10 Jun 2016 14:30:09 +0000 (15:30 +0100)
committer Matt Caswell <matt@openssl.org>
Fri, 10 Jun 2016 15:42:05 +0000 (16:42 +0100)
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c

index bc06e31af516310fc40dadf714e9aeb350527e95..4e118c10ab5650cb890be542520056c7328c7759 100644 (file)
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -88,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
              nval = NCONF_get_section(conf, value + 1);
          else
              nval = X509V3_parse_list(value);
-        if (sk_CONF_VALUE_num(nval) <= 0) {
+        if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
              X509V3err(X509V3_F_DO_EXT_NCONF,
                        X509V3_R_INVALID_EXTENSION_STRING);
              ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
                                 value);
+            if (*value != '@')
+                sk_CONF_VALUE_free(nval);
              return NULL;
          }
          ext_struc = method->v2i(method, ctx, nval);
author	Matt Caswell <matt@openssl.org>
	Fri, 10 Jun 2016 14:30:09 +0000 (15:30 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 10 Jun 2016 15:42:05 +0000 (16:42 +0100)