authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2021-04-19 16:03:53 +0200
committerDr. David von Oheimb <dev@ddvo.net>2021-04-21 07:23:20 +0200
commit4e030ed45dbf56be2f09d86f76f697ae6a0c567f (patch)
tree703175d2197867a2d66286a9e9cd1d0205abf838 /apps
parent2ec6491669d1a93a5c4a445715aae6b1582cb2a4 (diff)
apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure
Fixes #14910 Also slightly improve further error handling of setup_request_ctx(). Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14929)
Diffstat (limited to 'apps')
-rw-r--r--apps/cmp.c17
1 files changed, 7 insertions, 10 deletions
diff --git a/apps/cmp.c b/apps/cmp.c
index 644fb545d2..da28c3215e 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1580,18 +1580,15 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if (opt_cmd == CMP_GENM) {
CMP_warn("-csr option is ignored for command 'genm'");
} else {
- csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR");
- if (csr == NULL)
+ if ((csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR")) == NULL)
return 0;
- if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) {
- X509_REQ_free(csr);
+ if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr))
goto oom;
- }
}
}
if (opt_reqexts != NULL || opt_policies != NULL) {
if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
- goto exts_err;
+ goto oom;
X509V3_set_ctx(&ext_ctx, NULL, NULL, csr, NULL, X509V3_CTX_REPLACE);
X509V3_set_nconf(&ext_ctx, conf);
if (opt_reqexts != NULL
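Review bot: The failure branch of `OSSL_CMP_CTX_set1_p10CSR(ctx, csr)` now relies on the `oom` label to release `csr`, but nothing at the call site records that ownership rule, and a local free there is exactly what caused the double free being fixed. The success path still calls `X509_REQ_free(csr)` later in the function, so the caller evidently keeps ownership after the `set1` call. I would add a comment above the call such as `/* csr remains owned by this function; it is freed at oom/exts_err or after the extensions are set */`. The cleanup labels and the start of setup_request_ctx() lie outside this hunk, so confirm the wording against them.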
@@ -1607,15 +1604,14 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
goto exts_err;
}
OSSL_CMP_CTX_set0_reqExtensions(ctx, exts);
- exts = NULL;
}
X509_REQ_free(csr);
- csr = NULL;
+ /* After here, must not goto oom/exts_err */
+
if (OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) && opt_sans != NULL) {
CMP_err("cannot have Subject Alternative Names both via -reqexts and via -sans");
return 0;
}
-
if (!set_gennames(ctx, opt_sans, "Subject Alternative Name"))
return 0;
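Review bot: Dropping `exts = NULL;` after `OSSL_CMP_CTX_set0_reqExtensions(ctx, exts)` and `csr = NULL;` after `X509_REQ_free(csr)` leaves both locals dangling for the rest of setup_request_ctx(), so only the new comment guards against another double free. If the `oom`/`exts_err` labels (outside this hunk) free `csr` and `exts`, as the first hunk's fix implies, any `goto` added below this point later would free `csr` twice and release extensions that `ctx` now owns. Keeping the two assignments costs nothing and makes the cleanup path safe to reach from anywhere, since the OpenSSL free functions accept NULL. It would also let the third hunk keep `goto oom` rather than duplicating `CMP_err("out of memory"); return 0;` inline.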
@@ -1675,7 +1671,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
return 0;
if (!OSSL_CMP_CTX_set1_oldCert(ctx, oldcert)) {
X509_free(oldcert);
- goto oom;
+ CMP_err("out of memory");
+ return 0;
}
X509_free(oldcert);
}