
From: Theo Buehler <tb@theobuehler.org>
Subject: Re: [PATCH] libressl: fix memory leak in x509_name_encode on error
To: Niels Dossche <dossche.niels@gmail.com>
Cc: tech@openbsd.org
Date: Wed, 19 Mar 2025 14:05:34 +0100

On Wed, Mar 19, 2025 at 01:47:24PM +0100, Niels Dossche wrote:
> Hi
> 
> This patch fixes a memory leak when an error occurs in x509_name_encode in libressl.

Thanks. While this patch is correct, I think it only addresses a tiny
aspect of all that's wrong in this function... What a horror show. I
need to think about this for a few days.

> 
> This issue was found via an experimental static analyzer I'm working on,
> and I manually read the code to verify whether this is a real bug or not.
> 
> 
> ---------------------------------------------------------------------------
> diff --git lib/libcrypto/asn1/x_name.c lib/libcrypto/asn1/x_name.c
> index 7bacd833404..b472ec88c74 100644
> --- lib/libcrypto/asn1/x_name.c
> +++ lib/libcrypto/asn1/x_name.c
> @@ -414,8 +414,10 @@ x509_name_encode(X509_NAME *a)
>  			if (!entries)
>  				goto memerr;
>  			if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
> -			    entries))
> +			    entries)) {
> +				sk_X509_NAME_ENTRY_free(entries);
>  				goto memerr;
> +			}
>  			set = entry->set;
>  		}
>  		if (entries == NULL /* if entry->set is bogusly -1 */ ||
>
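Review bot: in the new push-failure branch, `entries` is freed but keeps its old value when control reaches `memerr`, so it dangles; the cleanup at that label is not visible in this hunk, so setting `entries = NULL` right after `sk_X509_NAME_ENTRY_free(entries)` would rule out a double free or use after free if that path ever touches the variable. The plain `sk_X509_NAME_ENTRY_free` (rather than a pop_free variant) is only sufficient because the stack appears to be freshly allocated and still empty here, judging by the `if (!entries)` check directly above; a one-line comment stating that would help, since the trailing context shows `entries` being reused for subsequent name entries.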