x509: fix a dangling pointer

If object was pointer was passed and an error occured the object was freed & the pointer returned. Fix this to NULL out the caller's pointer before returning. Fixes #15115 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15238)
2024-11-21 01:15:20 +08:00 · 2021-05-12 14:22:52 +10:00 · 2021-05-12 14:22:52 +10:00 · 66ddc0759a
commit 66ddc0759a
parent b1423d04cd
1 changed files with 3 additions and 1 deletions
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@ -131,8 +131,10 @@ X509 *d2i_X509(X509 **a, const unsigned char **in, long len)
    /* Only cache the extensions if the cert object was passed in */
    if (cert != NULL && a != NULL) { /* then cert == *a */
        if (!ossl_x509v3_cache_extensions(cert)) {
-            if (free_on_error)
+            if (free_on_error) {
+                *a = NULL;
                X509_free(cert);
+            }
            cert = NULL;
        }
    }