Fix crahses and leaks in pkcs12 utility -chain option
authorDr. Stephen Henson <steve@openssl.org>
Thu, 22 Aug 2002 21:54:51 +0000 (21:54 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 22 Aug 2002 21:54:51 +0000 (21:54 +0000)
apps/pkcs12.c

index 73550d1..1697f61 100644 (file)
@@ -508,9 +508,10 @@ int MAIN(int argc, char **argv)
                    /* Exclude verified certificate */
                    for (i = 1; i < sk_X509_num (chain2) ; i++) 
                        sk_X509_push(certs, sk_X509_value (chain2, i));
-               }
-               sk_X509_free(chain2);
-               if (vret) {
+                   /* Free first certificate */
+                   X509_free(sk_X509_value(chain2, 0));
+                   sk_X509_free(chain2);
+               } else {
                        BIO_printf (bio_err, "Error %s getting chain.\n",
                                        X509_verify_cert_error_string(vret));
                        goto export_end;
@@ -537,8 +538,6 @@ int MAIN(int argc, char **argv)
        }
        sk_X509_pop_free(certs, X509_free);
        certs = NULL;
-       /* ucert is part of certs so it is already freed */
-       ucert = NULL;
 
 #ifdef CRYPTO_MDEBUG
        CRYPTO_pop_info();
@@ -627,7 +626,6 @@ int MAIN(int argc, char **argv)
        if (certs) sk_X509_pop_free(certs, X509_free);
        if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
        if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-       if (ucert) X509_free(ucert);
 
 #ifdef CRYPTO_MDEBUG
        CRYPTO_pop_info();