summaryrefslogtreecommitdiffstats
path: root/apps/lib
diff options
context:
space:
mode:
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2024-12-20 21:05:59 +0100
committerTomas Mraz <tomas@openssl.org>2025-01-24 13:37:38 +0100
commitbd0a2e0c1eac69e83379dedbb80b348600daddcb (patch)
tree0785dfc4999115bbb71dedbe79823db4a96dd9cd /apps/lib
parentExpose the provider `c_get_params` function via PROV_CTX. (diff)
downloadopenssl-bd0a2e0c1eac69e83379dedbb80b348600daddcb.tar.xz
openssl-bd0a2e0c1eac69e83379dedbb80b348600daddcb.zip
Check returns of sk_X509_CRL_push and handle appropriately.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26234)
Diffstat (limited to 'apps/lib')
-rw-r--r--apps/lib/apps.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 3bc6465945..85e5094b9e 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2515,18 +2515,24 @@ static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
- if (!crl) {
- sk_X509_CRL_free(crls);
- return NULL;
- }
- sk_X509_CRL_push(crls, crl);
+
+ if (crl == NULL || !sk_X509_CRL_push(crls, crl))
+ goto error;
+
/* Try to download delta CRL */
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
- if (crl)
- sk_X509_CRL_push(crls, crl);
+
+ if (crl != NULL && !sk_X509_CRL_push(crls, crl))
+ goto error;
+
return crls;
+
+error:
+ X509_CRL_free(crl);
+ sk_X509_CRL_free(crls);
+ return NULL;
}
void store_setup_crl_download(X509_STORE *st)
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-30 16:08:22 +0100