Fix crahses and leaks in pkcs12 utility -chain option

[openssl.git] / apps / pkcs12.c

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index a42421803412261963a954820b6db6f7a1b23448..1697f6157ff5eb2245fb4fcfd6fd73d2eaaf7661 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -127,6 +127,9 @@ int MAIN(int argc, char **argv)
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 
+       if (!load_config(bio_err, NULL))
+               goto end;
+
     args = argv + 1;
 
 
@@ -152,9 +155,9 @@ int MAIN(int argc, char **argv)
 #endif
                else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
 #ifndef OPENSSL_NO_AES
-               else if (!strcmp(*argv,"-aes128")) enc=EVP_aes_128_cbc();
-               else if (!strcmp(*argv,"-aes192")) enc=EVP_aes_192_cbc();
-               else if (!strcmp(*argv,"-aes256")) enc=EVP_aes_256_cbc();
+               else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
+               else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
+               else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
 #endif
                else if (!strcmp (*args, "-noiter")) iter = 1;
                else if (!strcmp (*args, "-maciter"))
@@ -424,7 +427,7 @@ int MAIN(int argc, char **argv)
        CRYPTO_push_info("process -export_cert");
        CRYPTO_push_info("reading private key");
 #endif
-       key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM,
+       key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
                passin, e, "private key");
        if (!key) {
                goto export_end;
@@ -505,9 +508,10 @@ int MAIN(int argc, char **argv)
                    /* Exclude verified certificate */
                    for (i = 1; i < sk_X509_num (chain2) ; i++) 
                        sk_X509_push(certs, sk_X509_value (chain2, i));
-               }
-               sk_X509_free(chain2);
-               if (vret) {
+                   /* Free first certificate */
+                   X509_free(sk_X509_value(chain2, 0));
+                   sk_X509_free(chain2);
+               } else {
                        BIO_printf (bio_err, "Error %s getting chain.\n",
                                        X509_verify_cert_error_string(vret));
                        goto export_end;
@@ -534,8 +538,6 @@ int MAIN(int argc, char **argv)
        }
        sk_X509_pop_free(certs, X509_free);
        certs = NULL;
-       /* ucert is part of certs so it is already freed */
-       ucert = NULL;
 
 #ifdef CRYPTO_MDEBUG
        CRYPTO_pop_info();
@@ -624,7 +626,6 @@ int MAIN(int argc, char **argv)
        if (certs) sk_X509_pop_free(certs, X509_free);
        if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
        if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-       if (ucert) X509_free(ucert);
 
 #ifdef CRYPTO_MDEBUG
        CRYPTO_pop_info();
@@ -776,7 +777,10 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
                print_attribs (out, bag->attrib, "Bag Attributes");
                if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
                                return 0;
-               if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+               if (!(pkey = EVP_PKCS82PKEY (p8))) {
+                       PKCS8_PRIV_KEY_INFO_free(p8);
+                       return 0;
+               }
                print_attribs (out, p8->attributes, "Key Attributes");
                PKCS8_PRIV_KEY_INFO_free(p8);
                PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);