diff options
author | FdaSilvaYY <fdasilvayy@gmail.com> | 2016-03-17 00:15:48 +0100 |
---|---|---|
committer | FdaSilvaYY <fdasilvayy@gmail.com> | 2016-04-04 19:02:51 +0200 |
commit | 0517538d1a39bc5eb664928a6c40b4a0afad01da (patch) | |
tree | dfe58a627a2d91d9b248144beea9bdc90ca60dfb /crypto/x509/x509_r2x.c | |
parent | 6c13488c4e75ef839bc07a3ce428289aef4bd267 (diff) | |
download | openssl-0517538d1a39bc5eb664928a6c40b4a0afad01da.tar.gz |
Fix two leaks in X509_REQ_to_X509
Issue #182
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/x509/x509_r2x.c')
-rw-r--r-- | crypto/x509/x509_r2x.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index a6c5941c2d..dc7e41265c 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -70,10 +70,11 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) X509 *ret = NULL; X509_CINF *xi = NULL; X509_NAME *xn; + EVP_PKEY *pubkey = NULL; if ((ret = X509_new()) == NULL) { X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE); - goto err; + return NULL; } /* duplicate the request */ @@ -89,9 +90,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) } xn = X509_REQ_get_subject_name(r); - if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) + if (X509_set_subject_name(ret, xn) == 0) goto err; - if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) + if (X509_set_issuer_name(ret, xn) == 0) goto err; if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL) @@ -100,12 +101,21 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) NULL) goto err; - X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); + pubkey = X509_REQ_get_pubkey(r); + if (pubkey == NULL) + goto err; + + if (!X509_set_pubkey(ret, pubkey)) + goto err_pkey; + + EVP_PKEY_free(pubkey); if (!X509_sign(ret, pkey, EVP_md5())) goto err; return ret; + err_pkey: + EVP_PKEY_free(pubkey); err: X509_free(ret); return NULL; |