Fix potential leak in error path in cert_response()

get1_cert_status() returns an object that must be freed, but the error path does not do that. Fix it by adding a call to X509_free() in the error path. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26513)
2025-03-31 20:10:45 +08:00 · 2025-01-22 14:35:25 +01:00 · 2025-01-22 14:35:25 +01:00 · 56160f173d
commit 56160f173d
parent b4fab70bfb
1 changed files with 3 additions and 1 deletions
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@ -736,8 +736,10 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
        ERR_add_error_data(1, "; cannot extract certificate from response");
        return 0;
    }
-    if (!ossl_cmp_ctx_set0_newCert(ctx, cert))
+    if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) {
+        X509_free(cert);
        return 0;
+    }

    /*
     * if the CMP server returned certificates in the caPubs field, copy them