OCSP_request_add0_id() inconsistent error return

There are two failure cases for OCSP_request_add_id(): 1. OCSP_ONEREQ_new() failure, where |cid| is not freed 2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed This changes makes the error behavior consistent, such that |cid| is not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes ownership of |cid| when the function succeeds. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1289)

OCSP_request_add0_id() inconsistent error return
There are two failure cases for OCSP_request_add_id(): 1. OCSP_ONEREQ_new() failure, where |cid| is not freed 2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed This changes makes the error behavior consistent, such that |cid| is not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes ownership of |cid| when the function succeeds. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1289)
415e7c48 · Todd Short · Rich Salz · 52eede5a · 415e7c48
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c +3 -1

未找到文件。
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -35,8 +35,10 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
        return NULL;
    OCSP_CERTID_free(one->reqCert);
    one->reqCert = cid;
-    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
+        one->reqCert = NULL; /* do not free on error */
        goto err;
+    }
    return one;
 err:
    OCSP_ONEREQ_free(one);