PR: 2737

Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.

diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 292cc3ed4a27f2e076923a84279d4355669aac43..206b1b0b18abb243173de62c631df728ef7f5e03 100644 (file)
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -167,7 +167,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
        if (cert && *cert)
                X509_free(*cert);
        if (x)
-               X509_free(*cert);
+               X509_free(x);
        if (ocerts)
                sk_X509_pop_free(ocerts, X509_free);
        return 0;