73 lines
2.5 KiB
Diff
73 lines
2.5 KiB
Diff
From 3cc6933555a0c66328ec659b5bb86c57b6402e1e Mon Sep 17 00:00:00 2001
|
|
From: Clemens Lang <cllang@redhat.com>
|
|
Date: Wed, 24 May 2023 13:12:54 +0200
|
|
Subject: [PATCH] x509: Handle ossl_policy_level_add_node errors
|
|
|
|
The invocation of ossl_policy_level_add_node in tree_calculate_user_set
|
|
did not have any error handling. Add it to prevent a memory leak for the
|
|
allocated extra policy data.
|
|
|
|
Also add error handling to sk_X509_POLICY_NODE_push to ensure that if
|
|
a new node was allocated, but could not be added to the stack, it is
|
|
freed correctly.
|
|
|
|
Fix error handling if tree->user_policies cannot be allocated by
|
|
returning 0, indicating failure, rather than 1.
|
|
|
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/21066)
|
|
---
|
|
crypto/x509v3/pcy_tree.c | 19 +++++++++++++++----
|
|
1 file changed, 15 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
|
|
index 6c7fd35405..3c504e82c6 100644
|
|
--- a/crypto/x509v3/pcy_tree.c
|
|
+++ b/crypto/x509v3/pcy_tree.c
|
|
@@ -25,6 +25,8 @@
|
|
# define OPENSSL_POLICY_TREE_NODES_MAX 1000
|
|
#endif
|
|
|
|
+static void exnode_free(X509_POLICY_NODE *node);
|
|
+
|
|
/*
|
|
* Enable this to print out the complete policy tree at various point during
|
|
* evaluation.
|
|
@@ -572,15 +574,24 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
|
|
extra->qualifier_set = anyPolicy->data->qualifier_set;
|
|
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
|
|
| POLICY_DATA_FLAG_EXTRA_NODE;
|
|
- node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1);
|
|
+ node = level_add_node(NULL, extra, anyPolicy->parent,
|
|
+ tree, 1);
|
|
+ if (node == NULL) {
|
|
+ policy_data_free(extra);
|
|
+ return 0;
|
|
+ }
|
|
}
|
|
if (!tree->user_policies) {
|
|
tree->user_policies = sk_X509_POLICY_NODE_new_null();
|
|
- if (!tree->user_policies)
|
|
- return 1;
|
|
+ if (!tree->user_policies) {
|
|
+ exnode_free(node);
|
|
+ return 0;
|
|
+ }
|
|
}
|
|
- if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
|
|
+ if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) {
|
|
+ exnode_free(node);
|
|
return 0;
|
|
+ }
|
|
}
|
|
return 1;
|
|
}
|
|
--
|
|
2.27.0
|
|
|