From 934b57e8c93da223a26aed5aeeaf174fd8bf2433 Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Thu, 8 Sep 2016 11:16:24 -0400 Subject: [PATCH] Fix a few leaks in X509_REQ_to_X509. (Imported from upstream's a404656a8b40d9f1172e5e330f7e2d9d87cabab8) Change-Id: I4ddebfbaeab433bae7c1393a8258d786801bb633 Reviewed-on: https://boringssl-review.googlesource.com/10920 Reviewed-by: David Benjamin Commit-Queue: David Benjamin CQ-Verified: CQ bot account: commit-bot@chromium.org --- crypto/x509/x509_r2x.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 83951a2e..9bdf441f 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -68,10 +68,12 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) X509 *ret = NULL; X509_CINF *xi = NULL; X509_NAME *xn; + EVP_PKEY *pubkey = NULL; + int res; if ((ret = X509_new()) == NULL) { OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); - goto err; + return NULL; } /* duplicate the request */ @@ -89,9 +91,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) } xn = X509_REQ_get_subject_name(r); - if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) + if (X509_set_subject_name(ret, xn) == 0) goto err; - if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) + if (X509_set_issuer_name(ret, xn) == 0) goto err; if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) @@ -100,9 +102,11 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) NULL) goto err; - X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); + pubkey = X509_REQ_get_pubkey(r); + res = X509_set_pubkey(ret, pubkey); + EVP_PKEY_free(pubkey); - if (!X509_sign(ret, pkey, EVP_md5())) + if (!res || !X509_sign(ret, pkey, EVP_md5())) goto err; if (0) { err: