Fix an error path leak in int X509_ATTRIBUTE_set1_data()

(Imported from upstream's e6f65f769d87846bdc5b58ef8d2ef4074044022d.) Change-Id: I95df13561481e98faaf8227561228c151dd344b6 Reviewed-on: https://boringssl-review.googlesource.com/8942 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-26 11:47:45 -04:00 · 2016-07-26 11:47:45 -04:00 · ee2aea0d9b
commit ee2aea0d9b
parent 51162639ec
1 changed files with 9 additions and 3 deletions
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@ -287,7 +287,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
                             const void *data, int len)
 {
-    ASN1_TYPE *ttmp;
+    ASN1_TYPE *ttmp = NULL;
    ASN1_STRING *stmp = NULL;
    int atype = 0;
    if (!attr)
@ -315,20 +315,26 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
     * least one value but some types use and zero length SET and require
     * this.
     */
-    if (attrtype == 0)
+    if (attrtype == 0) {
+        ASN1_STRING_free(stmp);
        return 1;
+    }
    if (!(ttmp = ASN1_TYPE_new()))
        goto err;
    if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
        if (!ASN1_TYPE_set1(ttmp, attrtype, data))
            goto err;
-    } else
+    } else {
        ASN1_TYPE_set(ttmp, atype, stmp);
+        stmp = NULL;
+    }
    if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
        goto err;
    return 1;
 err:
    OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+    ASN1_TYPE_free(ttmp);
+    ASN1_STRING_free(stmp);
    return 0;
 }