do_dirname: Don't change gen on failures
It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section failed. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 8ec5c5dd361343d9017eff8547b19e86e4944ebc)
This commit is contained in:
Kurt Roeckx
parent
f6cddcccc8
commit
ea9de25f2f
@ -584,24 +584,26 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
|||||||
|
|
||||||
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = 0;
|
||||||
STACK_OF(CONF_VALUE) *sk;
|
STACK_OF(CONF_VALUE) *sk = NULL;
|
||||||
X509_NAME *nm;
|
X509_NAME *nm = NULL;
|
||||||
if (!(nm = X509_NAME_new()))
|
if (!(nm = X509_NAME_new()))
|
||||||
return 0;
|
goto err;
|
||||||
sk = X509V3_get_section(ctx, value);
|
sk = X509V3_get_section(ctx, value);
|
||||||
if (!sk) {
|
if (!sk) {
|
||||||
X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
|
X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
|
||||||
ERR_add_error_data(2, "section=", value);
|
ERR_add_error_data(2, "section=", value);
|
||||||
X509_NAME_free(nm);
|
goto err;
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
/* FIXME: should allow other character types... */
|
/* FIXME: should allow other character types... */
|
||||||
ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
|
ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
X509_NAME_free(nm);
|
goto err;
|
||||||
gen->d.dirn = nm;
|
gen->d.dirn = nm;
|
||||||
X509V3_section_free(ctx, sk);
|
|
||||||
|
|
||||||
|
err:
|
||||||
|
if (ret == 0)
|
||||||
|
X509_NAME_free(nm);
|
||||||
|
X509V3_section_free(ctx, sk);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user