Avoid possible memleak in X509_policy_check()
authorRichard Levitte <levitte@openssl.org>
Wed, 5 Jul 2017 09:08:45 +0000 (11:08 +0200)
committerRichard Levitte <levitte@openssl.org>
Thu, 6 Jul 2017 07:15:41 +0000 (09:15 +0200)
When tree_calculate_user_set() fails, a jump to error failed to
deallocate a possibly allocated |auth_nodes|.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3851)

crypto/x509v3/pcy_tree.c

index 09b8691..03c9533 100644 (file)
@@ -732,6 +732,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
                       STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
 {
     int ret;
+    int calc_ret;
     X509_POLICY_TREE *tree = NULL;
     STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
     *ptree = NULL;
@@ -800,17 +801,20 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
 
     /* Tree is not empty: continue */
 
-    ret = tree_calculate_authority_set(tree, &auth_nodes);
+    calc_ret = tree_calculate_authority_set(tree, &auth_nodes);
 
-    if (!ret)
+    if (!calc_ret)
         goto error;
 
-    if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
-        goto error;
+    ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
 
-    if (ret == 2)
+    if (calc_ret == 2)
         sk_X509_POLICY_NODE_free(auth_nodes);
 
+    if (!ret)
+        goto error;
+
+
     if (tree)
         *ptree = tree;