From: Niels Dossche <niels.dossche@ugent.be>
Subject: [PATCH] libressl: Fix memory leak in nref_nos on error
To: tech@openbsd.org
Date: Mon, 3 Nov 2025 17:06:32 +0100

Hi

This patch fixes a memory leak when an error occurs in nref_nos when 
calling sk_ASN1_INTEGER_push in libressl. If the push operation fails, 
aint is never freed.

While here, also use the proper operation in sk_ASN1_INTEGER_pop_free, 
although they're synonyms so it doesn't really matter except for code style.

This issue was found via an experimental static analyzer I'm working on,
and I manually read the code to verify whether this is a real bug or not.

---------------------------------------------------------------------------
diff --git lib/libcrypto/x509/x509_cpols.c lib/libcrypto/x509/x509_cpols.c
index b6a456023fb..b3e8a992c04 100644
--- lib/libcrypto/x509/x509_cpols.c
+++ lib/libcrypto/x509/x509_cpols.c
@@ -680,8 +680,10 @@ nref_nos(STACK_OF(ASN1_INTEGER) *nnums, 
STACK_OF(CONF_VALUE) *nos)
  			X509V3error(X509V3_R_INVALID_NUMBER);
  			goto err;
  		}
-		if (!sk_ASN1_INTEGER_push(nnums, aint))
+		if (!sk_ASN1_INTEGER_push(nnums, aint)) {
+			ASN1_INTEGER_free(aint);
  			goto merr;
+		}
  	}
  	return 1;

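Review bot: The hunk header is wrapped onto a second line ("STACK_OF(CONF_VALUE) *nos)") and the context lines carry an extra leading space, so this diff appears to have been reflowed by the mail client and may not apply as sent; resending it inline without line wrapping would help. On the change itself, freeing aint inside the failed sk_ASN1_INTEGER_push branch is safe against a double free, because a failed push never stores the pointer on nnums and the err label only releases what is already on the stack. An alternative worth considering, if the scope of aint allows it, is to set aint to NULL after a successful push and call ASN1_INTEGER_free(aint) once at the err label, so every exit path shares one cleanup.
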
@@ -689,7 +691,7 @@ merr:
  	X509V3error(ERR_R_MALLOC_FAILURE);

  err:
-	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
+	sk_ASN1_INTEGER_pop_free(nnums, ASN1_INTEGER_free);
  	return 0;
  }
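
Review bot: The err label calls sk_ASN1_INTEGER_pop_free on nnums, which is a parameter of nref_nos, so on a 0 return the stack passed in by the caller has been freed along with its elements, and nothing in the visible lines documents that. A short comment above the function stating that nref_nos consumes nnums on failure would make the ownership rule explicit. The switch from ASN1_STRING_free to ASN1_INTEGER_free is described in the message as style only, so it could go in as a separate commit from the leak fix to keep the functional change easy to audit.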