Fix a few leaks in X509_REQ_to_X509.

(Imported from upstream's a404656a8b40d9f1172e5e330f7e2d9d87cabab8) Change-Id: I4ddebfbaeab433bae7c1393a8258d786801bb633 Reviewed-on: https://boringssl-review.googlesource.com/10920 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-09-08 11:16:24 -04:00 · 2016-09-08 11:16:24 -04:00 · 934b57e8c9
commit 934b57e8c9
parent c241d79261
1 changed files with 9 additions and 5 deletions
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@ -68,10 +68,12 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
    X509 *ret = NULL;
    X509_CINF *xi = NULL;
    X509_NAME *xn;
    EVP_PKEY *pubkey = NULL;
    int res;
    if ((ret = X509_new()) == NULL) {
        OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
-        goto err;
+        return NULL;
    }
    /* duplicate the request */
@ -89,9 +91,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
    }
    xn = X509_REQ_get_subject_name(r);
-    if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
+    if (X509_set_subject_name(ret, xn) == 0)
        goto err;
-    if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
+    if (X509_set_issuer_name(ret, xn) == 0)
        goto err;
    if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
@ -100,9 +102,11 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
        NULL)
        goto err;
-    X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
+    pubkey = X509_REQ_get_pubkey(r);
    res = X509_set_pubkey(ret, pubkey);
    EVP_PKEY_free(pubkey);
-    if (!X509_sign(ret, pkey, EVP_md5()))
+    if (!res || !X509_sign(ret, pkey, EVP_md5()))
        goto err;
    if (0) {
 err: