Patch attached: a return value was not checked, which caused havoc further
down the line (under particular memory conditions).
diff produced & inspected against latest 0.9.9 CVS HEAD.
--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
--------------------------------------------------
web: http://www.hobbelt.com/
http://www.hebbut.net/
mail: [email protected]
mobile: +31-6-11 120 978
--------------------------------------------------
--- /home/ger/prj/1original/openssl/openssl/./crypto/x509v3/v3_cpols.c 2008-11-12 20:36:05.000000000 +0100
+++ ./crypto/x509v3/v3_cpols.c 2008-11-29 12:58:57.000000000 +0100
@@ -181,7 +181,11 @@
pol = POLICYINFO_new();
pol->policyid = pobj;
}
- sk_POLICYINFO_push(pols, pol);
+ if (!sk_POLICYINFO_push(pols, pol)){ /* [i_a] */
+ POLICYINFO_free(pol);
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
}
sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
return pols;
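Review bot: The context lines directly above the new check still use the result of `POLICYINFO_new()` unchecked (`pol->policyid = pobj;`), so the same low-memory condition this patch handles for the push can fault on a NULL `pol` before the push is ever reached. A guard in the same style would close that, e.g. `if (!pol) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); goto err; }`, with `pobj` released on that path if nothing else owns it yet. The enclosing function starts and ends outside the hunk, so the `err` label is not visible here. It is worth confirming that it frees both `pols` and `vals`, since the new `goto err` skips the `sk_CONF_VALUE_pop_free` call below.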
@@ -447,3 +451,6 @@
BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
}
+
+IMPLEMENT_STACK_OF(X509_POLICY_NODE); /* [i_a] */
+
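Review bot: The `IMPLEMENT_STACK_OF(X509_POLICY_NODE);` line appended at the end of the file is unrelated to the unchecked return value the description covers, and the `/* [i_a] */` tag does not say why it is needed. It should either go into a separate patch or carry a comment that names the build or link problem it resolves, along the lines of `/* required for STACK_OF(X509_POLICY_NODE): <reason> */`. If the macro expands to nothing in this tree (not visible here), the trailing `;` leaves a stray file-scope semicolon that stricter compiler settings warn about.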