X509V3_EXT_add_nconf_sk, X509v3_add_ext: fix errors handling

X509v3_add_ext: free 'sk' if the memory pointed to by it was malloc-ed inside this function. X509V3_EXT_add_nconf_sk: return an error if X509v3_add_ext() fails. This prevents use of a freed memory in do_body:sk_X509_EXTENSION_num(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4698)
author: Pavel Kopyl <p.kopyl@samsung.com> 2017-11-07 13:28:18 +0100
committer: Matt Caswell <matt@openssl.org> 2018-02-21 13:18:48 +0100
commit: abcf241114c4dc33af95288ae7f7d10916c67db0 (patch)
tree: 8fddfe70dc56c32dc80e2315be13daf79eb0a85e /crypto/x509/x509_v3.c
parent: Replaced variable-time GCD with consttime inversion to avoid side-channel att... (diff)
download: openssl-abcf241114c4dc33af95288ae7f7d10916c67db0.tar.xz
openssl-abcf241114c4dc33af95288ae7f7d10916c67db0.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index a09b0cef69..b439030cfe 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -128,7 +128,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
     X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
  err2:
     X509_EXTENSION_free(new_ex);
-    sk_X509_EXTENSION_free(sk);
+    if (x != NULL && *x == NULL)
+        sk_X509_EXTENSION_free(sk);
     return NULL;
 }
author	Pavel Kopyl <p.kopyl@samsung.com>	2017-11-07 13:28:18 +0100
committer	Matt Caswell <matt@openssl.org>	2018-02-21 13:18:48 +0100
commit	abcf241114c4dc33af95288ae7f7d10916c67db0 (patch)
tree	8fddfe70dc56c32dc80e2315be13daf79eb0a85e /crypto/x509/x509_v3.c
parent	Replaced variable-time GCD with consttime inversion to avoid side-channel att... (diff)
download	openssl-abcf241114c4dc33af95288ae7f7d10916c67db0.tar.xz openssl-abcf241114c4dc33af95288ae7f7d10916c67db0.zip