generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

In X509_STORE_CTX_init, cleanup on failure

Browse Source 
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
mrpre 2015-08-29 10:26:39 +08:00 committed by Rich Salz
parent d35ff2c0ad
commit ecdaa1aefd
1 changed files with 33 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
crypto/x509/x509_vfy.c
View File

@ -2286,6 +2286,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
STACK_OF(X509) *chain) STACK_OF(X509) *chain)
{ {
int ret = 1; int ret = 1;
ctx->ctx = store; ctx->ctx = store;
ctx->current_method = 0; ctx->current_method = 0;
ctx->cert = x509; ctx->cert = x509;
@ -2306,37 +2307,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
ctx->tree = NULL; ctx->tree = NULL;
ctx->parent = NULL; ctx->parent = NULL;
ctx->param = X509_VERIFY_PARAM_new();
if (!ctx->param) {
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
return 0;
}
/*
* Inherit callbacks and flags from X509_STORE if not set use defaults.
*/
if (store)
ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
else
ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
if (store) { if (store) {
ctx->verify_cb = store->verify_cb; ctx->verify_cb = store->verify_cb;
ctx->cleanup = store->cleanup; ctx->cleanup = store->cleanup;
} else } else
ctx->cleanup = 0; ctx->cleanup = 0;
if (ret)
ret = X509_VERIFY_PARAM_inherit(ctx->param,
X509_VERIFY_PARAM_lookup("default"));
if (ret == 0) {
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
return 0;
}
if (store && store->check_issued) if (store && store->check_issued)
ctx->check_issued = store->check_issued; ctx->check_issued = store->check_issued;
else else
@ -2389,17 +2365,47 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
ctx->check_policy = check_policy; ctx->check_policy = check_policy;
/*
* For ctx->cleanup running well in X509_STORE_CTX_cleanup ,
* initial all ctx before exceptional handling.
*/
ctx->param = X509_VERIFY_PARAM_new();
if (ctx->param == NULL) {
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
goto err;
}
/*
* Inherit callbacks and flags from X509_STORE if not set use defaults.
*/
if (store)
ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
else
ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
if (ret)
ret = X509_VERIFY_PARAM_inherit(ctx->param,
X509_VERIFY_PARAM_lookup("default"));
if (ret == 0) {
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
goto err;
}
/* /*
* Since X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we * Since X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we
* put a corresponding "new" here. * put a corresponding "new" here.
*/ */
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
&(ctx->ex_data))) { &(ctx->ex_data))) {
OPENSSL_free(ctx);
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
return 0; goto err;
} }
return 1; return 1;
err:
X509_STORE_CTX_cleanup(ctx);
return 0;
} }
/* /*