Don't leak memory on ASN1_GENERALIZEDTIME_adj() error path

The ASN1_GENERALIZEDTIME_adj() function leaks an ASN1_GENERALIZEDTIME object on an error path. (Imported from upstream's fe71bb3ad97ed01ccf92812891cc2bc3ef3dce76.) Thanks to Jinguang Dong for pointing out the bug. Change-Id: I2c14662bb03b0cf957bd277bda487f05f07e89e7 Reviewed-on: https://boringssl-review.googlesource.com/12185 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
2016-11-10 09:18:08 -05:00 · 2016-11-10 09:18:08 -05:00 · 126fa278f8
commit 126fa278f8
parent 7f2ee3522d
1 changed files with 20 additions and 14 deletions
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@ -220,37 +220,43 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
    struct tm *ts;
    struct tm data;
    size_t len = 20;
+    ASN1_GENERALIZEDTIME *tmps = NULL;

    if (s == NULL)
-        s = M_ASN1_GENERALIZEDTIME_new();
-    if (s == NULL)
-        return (NULL);
+        tmps = ASN1_GENERALIZEDTIME_new();
+    else
+        tmps = s;
+    if (tmps == NULL)
+        return NULL;

    ts = OPENSSL_gmtime(&t, &data);
    if (ts == NULL)
-        return (NULL);
+        goto err;

    if (offset_day || offset_sec) {
        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-            return NULL;
+            goto err;
    }

-    p = (char *)s->data;
-    if ((p == NULL) || ((size_t)s->length < len)) {
+    p = (char *)tmps->data;
+    if ((p == NULL) || ((size_t)tmps->length < len)) {
        p = OPENSSL_malloc(len);
        if (p == NULL) {
            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-            return (NULL);
+            goto err;
        }
-        if (s->data != NULL)
-            OPENSSL_free(s->data);
-        s->data = (unsigned char *)p;
+        OPENSSL_free(tmps->data);
+        tmps->data = (unsigned char *)p;
    }

    BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
                 ts->tm_sec);
-    s->length = strlen(p);
-    s->type = V_ASN1_GENERALIZEDTIME;
-    return (s);
+    tmps->length = strlen(p);
+    tmps->type = V_ASN1_GENERALIZEDTIME;
+    return tmps;
+ err:
+    if (s == NULL)
+        ASN1_GENERALIZEDTIME_free(tmps);
+    return NULL;
 }