v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13614)
2025-01-18 13:44:20 +08:00 · 2020-12-07 17:45:09 +01:00 · 2020-12-07 17:45:09 +01:00 · 8ca661abd7
commit 8ca661abd7
parent f902716f24
1 changed files with 9 additions and 8 deletions
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@ -87,7 +87,10 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
    ASN1_INTEGER *serial = NULL;
    X509_EXTENSION *ext;
    X509 *cert;
-    AUTHORITY_KEYID *akeyid;
+    AUTHORITY_KEYID *akeyid = AUTHORITY_KEYID_new();
+
+    if (akeyid == NULL)
+        goto err;

    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
        cnf = sk_CONF_VALUE_value(values, i);
@ -102,15 +105,15 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
        } else {
            ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNKNOWN_OPTION,
                           "name=%s", cnf->name);
-            return NULL;
+            goto err;
        }
    }

    if (!ctx || !ctx->issuer_cert) {
        if (ctx && (ctx->flags == CTX_TEST))
-            return AUTHORITY_KEYID_new();
+            return akeyid;
        ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_CERTIFICATE);
-        return NULL;
+        goto err;
    }

    cert = ctx->issuer_cert;
@ -121,7 +124,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
            ikeyid = X509V3_EXT_d2i(ext);
        if ((keyid == 2 || issuer == 0) && ikeyid == NULL) {
            ERR_raise(ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
-            return NULL;
+            goto err;
        }
    }

@ -134,9 +137,6 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
        }
    }

-    if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
-        goto err;
-
    if (isname) {
        if ((gens = sk_GENERAL_NAME_new_null()) == NULL
            || (gen = GENERAL_NAME_new()) == NULL
@ -162,5 +162,6 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
    X509_NAME_free(isname);
    ASN1_INTEGER_free(serial);
    ASN1_OCTET_STRING_free(ikeyid);
+    AUTHORITY_KEYID_free(akeyid);
    return NULL;
 }