Fix an error path leak in do_ext_nconf()

Reviewed-by: N Rich Salz <rsalz@openssl.org>

Fix an error path leak in do_ext_nconf()
Reviewed-by: N Rich Salz <rsalz@openssl.org>
8605abf1 · Matt Caswell · e68a780e · 8605abf1
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c +3 -1

未找到文件。
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -88,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
            nval = NCONF_get_section(conf, value + 1);
        else
            nval = X509V3_parse_list(value);
-        if (sk_CONF_VALUE_num(nval) <= 0) {
+        if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
            X509V3err(X509V3_F_DO_EXT_NCONF,
                      X509V3_R_INVALID_EXTENSION_STRING);
            ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
                               value);
+            if (*value != '@')
+                sk_CONF_VALUE_free(nval);
            return NULL;
        }
        ext_struc = method->v2i(method, ctx, nval);