OCSP_request_add0_id() inconsistent error return

There are two failure cases for OCSP_request_add_id(): 1. OCSP_ONEREQ_new() failure, where |cid| is not freed 2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed This changes makes the error behavior consistent, such that |cid| is not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes ownership of |cid| when the function succeeds. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1289)
author: Todd Short <tshort@akamai.com> 2016-07-05 15:59:29 +0200
committer: Rich Salz <rsalz@openssl.org> 2016-07-20 07:24:57 +0200
commit: 415e7c488e09119a42be24129e38ddd43524ee06 (patch)
tree: a3664e8a87c251ec01249fcefb692a41288d8239 /crypto/ocsp
parent: Sanity check in ssl_get_algorithm2(). (diff)
download: openssl-415e7c488e09119a42be24129e38ddd43524ee06.tar.xz
openssl-415e7c488e09119a42be24129e38ddd43524ee06.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index d0ee0574d5..12d5bef574 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -35,8 +35,10 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
         return NULL;
     OCSP_CERTID_free(one->reqCert);
     one->reqCert = cid;
-    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
+        one->reqCert = NULL; /* do not free on error */
         goto err;
+    }
     return one;
  err:
     OCSP_ONEREQ_free(one);
author	Todd Short <tshort@akamai.com>	2016-07-05 15:59:29 +0200
committer	Rich Salz <rsalz@openssl.org>	2016-07-20 07:24:57 +0200
commit	415e7c488e09119a42be24129e38ddd43524ee06 (patch)
tree	a3664e8a87c251ec01249fcefb692a41288d8239 /crypto/ocsp
parent	Sanity check in ssl_get_algorithm2(). (diff)
download	openssl-415e7c488e09119a42be24129e38ddd43524ee06.tar.xz openssl-415e7c488e09119a42be24129e38ddd43524ee06.zip