Don't leak resource on error in OCSP_url_svcloc_new

On error we could leak a ACCESS_DESCRIPTION and an ASN1_IA5STRING. Both should be freed in the error path. Reviewed-by: N Richard Levitte <levitte@openssl.org>

Don't leak resource on error in OCSP_url_svcloc_new
On error we could leak a ACCESS_DESCRIPTION and an ASN1_IA5STRING. Both should be freed in the error path. Reviewed-by: N Richard Levitte <levitte@openssl.org>
a4e584a6 · Matt Caswell · f08e8034 · a4e584a6
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c +4 -0

未找到文件。
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -509,12 +509,16 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
            goto err;
        ad->location->type = GEN_URI;
        ad->location->d.ia5 = ia5;
+        ia5 = NULL;
        if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
            goto err;
+        ad = NULL;
        urls++;
    }
    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
 err:
+    ASN1_IA5STRING_free(ia5);
+    ACCESS_DESCRIPTION_free(ad);
    OCSP_SERVICELOC_free(sloc);
    return x;
 }