Fix crahses and leaks in pkcs12 utility -chain option

author Dr. Stephen Henson <steve@openssl.org>

Thu, 22 Aug 2002 21:54:51 +0000 (21:54 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 22 Aug 2002 21:54:51 +0000 (21:54 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 22 Aug 2002 21:54:51 +0000 (21:54 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 22 Aug 2002 21:54:51 +0000 (21:54 +0000)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c

index 73550d1801540f73925e5c9a2bced9c357c732fa..1697f6157ff5eb2245fb4fcfd6fd73d2eaaf7661 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -508,9 +508,10 @@ int MAIN(int argc, char **argv)
                     /* Exclude verified certificate */
                     for (i = 1; i < sk_X509_num (chain2) ; i++) 
                         sk_X509_push(certs, sk_X509_value (chain2, i));
                     /* Exclude verified certificate */
                     for (i = 1; i < sk_X509_num (chain2) ; i++) 
                         sk_X509_push(certs, sk_X509_value (chain2, i));
-               }
-               sk_X509_free(chain2);
-               if (vret) {
+                   /* Free first certificate */
+                   X509_free(sk_X509_value(chain2, 0));
+                   sk_X509_free(chain2);
+               } else {
                         BIO_printf (bio_err, "Error %s getting chain.\n",
                                         X509_verify_cert_error_string(vret));
                         goto export_end;
                         BIO_printf (bio_err, "Error %s getting chain.\n",
                                         X509_verify_cert_error_string(vret));
                         goto export_end;
@@ -537,8 +538,6 @@ int MAIN(int argc, char **argv)
         }
         sk_X509_pop_free(certs, X509_free);
         certs = NULL;
         }
         sk_X509_pop_free(certs, X509_free);
         certs = NULL;
-       /* ucert is part of certs so it is already freed */
-       ucert = NULL;
  
  #ifdef CRYPTO_MDEBUG
         CRYPTO_pop_info();
  
  #ifdef CRYPTO_MDEBUG
         CRYPTO_pop_info();
@@ -627,7 +626,6 @@ int MAIN(int argc, char **argv)
         if (certs) sk_X509_pop_free(certs, X509_free);
         if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
         if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
         if (certs) sk_X509_pop_free(certs, X509_free);
         if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
         if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-       if (ucert) X509_free(ucert);
  
  #ifdef CRYPTO_MDEBUG
         CRYPTO_pop_info();
  
  #ifdef CRYPTO_MDEBUG
         CRYPTO_pop_info();
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 22 Aug 2002 21:54:51 +0000 (21:54 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 22 Aug 2002 21:54:51 +0000 (21:54 +0000)