Fix an error path leak in do_ext_nconf()

(Imported from upstream's 4457017587efae316ac10b159f2e5b0cc81d9921. This
also applies the change in
https://github.com/openssl/openssl/pull/1351.)

Change-Id: Ief4e4b282f5e987981922d127b5345d374d009cf
Reviewed-on: https://boringssl-review.googlesource.com/8941
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2016-07-26 11:44:54 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 4ff41f614c
commit 599922feee

View File

@ -138,10 +138,12 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
nval = NCONF_get_section(conf, value + 1);
else
nval = X509V3_parse_list(value);
if (sk_CONF_VALUE_num(nval) <= 0) {
if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
value);
if (*value != '@')
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);