OCSP_request_add0_id() inconsistent error return
authorTodd Short <tshort@akamai.com>
Tue, 5 Jul 2016 13:59:29 +0000 (09:59 -0400)
committerRich Salz <rsalz@openssl.org>
Wed, 20 Jul 2016 05:29:16 +0000 (01:29 -0400)
There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed

This changes makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)
(cherry picked from commit 415e7c488e09119a42be24129e38ddd43524ee06)

crypto/ocsp/ocsp_cl.c

index b3612c8..fca7db0 100644 (file)
@@ -93,8 +93,10 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
     if (one->reqCert)
         OCSP_CERTID_free(one->reqCert);
     one->reqCert = cid;
-    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) {
+        one->reqCert = NULL; /* do not free on error */
         goto err;
+    }
     return one;
  err:
     OCSP_ONEREQ_free(one);