Make sure x509v3_cache_extensions() does not modify the error queue

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808)
2025-01-18 13:44:20 +08:00 · 2020-08-12 22:07:51 +02:00 · 2020-08-12 22:07:51 +02:00 · de3713d492
commit de3713d492
parent be63e58732
1 changed files with 2 additions and 0 deletions
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@ -396,6 +396,7 @@ int x509v3_cache_extensions(X509 *x)
        CRYPTO_THREAD_unlock(x->lock);
        return (x->ex_flags & EXFLAG_INVALID) == 0;
    }
+    ERR_set_mark();

    if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
            x->ex_flags |= EXFLAG_INVALID;
@ -572,6 +573,7 @@ int x509v3_cache_extensions(X509 *x)
     * all stores are visible on all processors. Hence the release fence.
     */
 #endif
+    ERR_pop_to_mark();
    CRYPTO_THREAD_unlock(x->lock);

    return (x->ex_flags & EXFLAG_INVALID) == 0;