The branch master has been updated
via 5ee289eaf6fa747e6b63b989c7a79ff1c9c95db3 (commit)
from 0fe2a0af8976af505b35e4be100deb8d64451015 (commit)
- Log -----------------------------------------------------------------
commit 5ee289eaf6fa747e6b63b989c7a79ff1c9c95db3
Author: Matt Caswell <[email protected]>
Date: Wed Jan 25 14:45:12 2017 +0000
Fix memory leaks in the Certificate extensions code
After collecting extensions we must free them again.
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/2284)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_clnt.c | 5 ++++-
ssl/statem/statem_srvr.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 80ae480..6599d43 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1425,8 +1425,11 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL
*s, PACKET *pkt)
if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE,
&rawexts, &al)
|| !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE,
- rawexts, x, chainidx, &al))
+ rawexts, x, chainidx, &al)) {
+ OPENSSL_free(rawexts);
goto f_err;
+ }
+ OPENSSL_free(rawexts);
}
if (!sk_X509_push(sk, x)) {
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 4d6afd6..3bde0d6 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3061,8 +3061,11 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL
*s, PACKET *pkt)
if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE,
&rawexts, &al)
|| !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE,
- rawexts, x, chainidx, &al))
+ rawexts, x, chainidx, &al)) {
+ OPENSSL_free(rawexts);
goto f_err;
+ }
+ OPENSSL_free(rawexts);
}
if (!sk_X509_push(sk, x)) {
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
