asn1_item_embed_new(): don't free an embedded item

An embedded item wasn't allocated separately on the heap, so don't
free it as if it was.

Issue discovered by Pavel Kopyl

(Imported from upstream's cdc3307d4257f4fcebbab3b2b44207e1a399da05 and
65d414434aeecd5aa86a46adbfbcb59b4344503a.)

I do not believe this is actually reachable in BoringSSL, even in the
face of malloc errors. The only field which sets ASN1_TFLG_COMBINE is in
X509_ATTRIBUTE. That field's value is X509_ATTRIBUTE_SET which cannot
fail to initialize. (It is a CHOICE whose initialization consists of
setting the selector to -1 and calling the type's callback which is
unset for this type.)

Change-Id: I29c080f8a4ddc2f3ef9c119d0d90a899d3cb78c5
Reviewed-on: https://boringssl-review.googlesource.com/22365
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-10-30 11:00:42 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent a67b101594
commit 4f94a8381a
3 changed files with 8 additions and 6 deletions

View File

@ -90,6 +90,9 @@ int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
#if defined(__cplusplus) #if defined(__cplusplus)
} /* extern C */ } /* extern C */

View File

@ -59,8 +59,7 @@
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/mem.h> #include <openssl/mem.h>
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, #include "asn1_locl.h"
int combine);
/* Free up an ASN1 structure */ /* Free up an ASN1 structure */
@ -74,8 +73,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_combine_free(pval, it, 0); asn1_item_combine_free(pval, it, 0);
} }
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
int combine)
{ {
const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef; const ASN1_EXTERN_FUNCS *ef;

View File

@ -63,6 +63,7 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include <openssl/obj.h> #include <openssl/obj.h>
#include "asn1_locl.h"
#include "../internal.h" #include "../internal.h"
@ -201,7 +202,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1; return 1;
memerr2: memerr2:
ASN1_item_ex_free(pval, it); asn1_item_combine_free(pval, it, combine);
memerr: memerr:
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
@ -211,7 +212,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0; return 0;
auxerr2: auxerr2:
ASN1_item_ex_free(pval, it); asn1_item_combine_free(pval, it, combine);
auxerr: auxerr:
OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR); OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR);
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG