do_dirname: Don't change gen on failures

It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section
failed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Kurt Roeckx 2015-04-11 16:39:13 +02:00
parent f49baeff50
commit 8ec5c5dd36

View File

@ -586,24 +586,26 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
{
int ret;
STACK_OF(CONF_VALUE) *sk;
X509_NAME *nm;
int ret = 0;
STACK_OF(CONF_VALUE) *sk = NULL;
X509_NAME *nm = NULL;
if (!(nm = X509_NAME_new()))
return 0;
goto err;
sk = X509V3_get_section(ctx, value);
if (!sk) {
X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
ERR_add_error_data(2, "section=", value);
X509_NAME_free(nm);
return 0;
goto err;
}
/* FIXME: should allow other character types... */
ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
if (!ret)
X509_NAME_free(nm);
goto err;
gen->d.dirn = nm;
X509V3_section_free(ctx, sk);
err:
if (ret == 0)
X509_NAME_free(nm);
X509V3_section_free(ctx, sk);
return ret;
}