root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

ossl_cms_get1_crls_ex(): Avoid doublefree if CRL up ref fails 

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/26100)
This commit is contained in:
Tomas Mraz 2024-12-05 09:29:08 +01:00
parent afd36cbef8
commit ef0be53f90
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/cms/cms_lib.c
View File

@ -15,6 +15,7 @@
#include <openssl/asn1.h>
#include <openssl/cms.h>
#include "internal/sizes.h"
#include "internal/cryptlib.h"
#include "crypto/x509.h"
#include "cms_local.h"
@ -696,8 +697,9 @@ int ossl_cms_get1_crls_ex(CMS_ContentInfo *cms, STACK_OF(X509_CRL) **crls)
for (i = 0; i < n; i++) {
rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
if (rch->type == 0) {
if (!sk_X509_CRL_push(*crls, rch->d.crl)
|| !X509_CRL_up_ref(rch->d.crl)) {
if (!X509_CRL_up_ref(rch->d.crl)
|| !ossl_assert(sk_X509_CRL_push(*crls, rch->d.crl))) {
/* push cannot fail on reserved stack */
sk_X509_CRL_pop_free(*crls, X509_CRL_free);
*crls = NULL;
return 0;