The branch master has been updated via c4adc5ba5b4a7b5f999732fc565d0d6e3f8222e9 (commit) from a877d2629b8a512aae550be68b9afd91eae22f19 (commit)
- Log ----------------------------------------------------------------- commit c4adc5ba5b4a7b5f999732fc565d0d6e3f8222e9 Author: Dr. David von Oheimb <david.von.ohe...@siemens.com> Date: Sun Aug 30 13:25:40 2020 +0200 apps.c: Fix mem leaks on error in load_certs() and load_crls() Reviewed-by: Tim Hudson <t...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12823) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index b631a2670a..f10e91deb7 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -659,22 +659,38 @@ void* app_malloc(int sz, const char *what) /* * Initialize or extend, if *certs != NULL, a certificate stack. + * The caller is responsible for freeing *certs if its value is left not NULL. */ int load_certs(const char *uri, STACK_OF(X509) **certs, const char *pass, const char *desc) { - return load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, - NULL, certs, NULL, NULL); + int was_NULL = *certs == NULL; + int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, + NULL, certs, NULL, NULL); + + if (!ret && was_NULL) { + sk_X509_pop_free(*certs, X509_free); + *certs = NULL; + } + return ret; } /* * Initialize or extend, if *crls != NULL, a certificate stack. + * The caller is responsible for freeing *crls if its value is left not NULL. */ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc) { - return load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, - NULL, NULL, NULL, crls); + int was_NULL = *crls == NULL; + int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, + NULL, NULL, NULL, crls); + + if (!ret && was_NULL) { + sk_X509_CRL_pop_free(*crls, X509_CRL_free); + *crls = NULL; + } + return ret; } /*