Fix loading more than one certificate in PEM format in X509_load_cert_file_ex()

Fixes #22895 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22885)
2025-01-18 13:44:20 +08:00 · 2023-11-30 12:53:40 +01:00 · 2023-11-30 12:53:40 +01:00 · 20c680de9c
commit 20c680de9c
parent 715833935b
1 changed files with 11 additions and 0 deletions
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@ -128,6 +128,17 @@ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
                count = 0;
                goto err;
            }
+            /*
+             * X509_STORE_add_cert() added a reference rather than a copy,
+             * so we need a fresh X509 object.
+             */
+            X509_free(x);
+            x = X509_new_ex(libctx, propq);
+            if (x == NULL) {
+                ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
+                count = 0;
+                goto err;
+            }
            count++;
        }
    } else if (type == X509_FILETYPE_ASN1) {