asn1_item_embed_new(): don't free an embedded item
An embedded item wasn't allocated separately on the heap, so don't free it as if it was. Issue discovered by Pavel Kopyl (Imported from upstream's cdc3307d4257f4fcebbab3b2b44207e1a399da05 and 65d414434aeecd5aa86a46adbfbcb59b4344503a.) I do not believe this is actually reachable in BoringSSL, even in the face of malloc errors. The only field which sets ASN1_TFLG_COMBINE is in X509_ATTRIBUTE. That field's value is X509_ATTRIBUTE_SET which cannot fail to initialize. (It is a CHOICE whose initialization consists of setting the selector to -1 and calling the type's callback which is unset for this type.) Change-Id: I29c080f8a4ddc2f3ef9c119d0d90a899d3cb78c5 Reviewed-on: https://boringssl-review.googlesource.com/22365 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
a67b101594
commit
4f94a8381a
@ -90,6 +90,9 @@ int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
|
|||||||
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
|
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
|
||||||
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
|
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
|
||||||
|
|
||||||
|
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||||
|
int combine);
|
||||||
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
} /* extern C */
|
} /* extern C */
|
||||||
|
@ -59,8 +59,7 @@
|
|||||||
#include <openssl/asn1t.h>
|
#include <openssl/asn1t.h>
|
||||||
#include <openssl/mem.h>
|
#include <openssl/mem.h>
|
||||||
|
|
||||||
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
#include "asn1_locl.h"
|
||||||
int combine);
|
|
||||||
|
|
||||||
/* Free up an ASN1 structure */
|
/* Free up an ASN1 structure */
|
||||||
|
|
||||||
@ -74,8 +73,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
|||||||
asn1_item_combine_free(pval, it, 0);
|
asn1_item_combine_free(pval, it, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
|
||||||
int combine)
|
|
||||||
{
|
{
|
||||||
const ASN1_TEMPLATE *tt = NULL, *seqtt;
|
const ASN1_TEMPLATE *tt = NULL, *seqtt;
|
||||||
const ASN1_EXTERN_FUNCS *ef;
|
const ASN1_EXTERN_FUNCS *ef;
|
||||||
|
@ -63,6 +63,7 @@
|
|||||||
#include <openssl/mem.h>
|
#include <openssl/mem.h>
|
||||||
#include <openssl/obj.h>
|
#include <openssl/obj.h>
|
||||||
|
|
||||||
|
#include "asn1_locl.h"
|
||||||
#include "../internal.h"
|
#include "../internal.h"
|
||||||
|
|
||||||
|
|
||||||
@ -201,7 +202,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
memerr2:
|
memerr2:
|
||||||
ASN1_item_ex_free(pval, it);
|
asn1_item_combine_free(pval, it, combine);
|
||||||
memerr:
|
memerr:
|
||||||
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
@ -211,7 +212,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
auxerr2:
|
auxerr2:
|
||||||
ASN1_item_ex_free(pval, it);
|
asn1_item_combine_free(pval, it, combine);
|
||||||
auxerr:
|
auxerr:
|
||||||
OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR);
|
OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR);
|
||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
Loading…
Reference in New Issue
Block a user