authortb <tb@openbsd.org>2020-09-20 19:13:06 +0000
committertb <tb@openbsd.org>2020-09-20 19:13:06 +0000
commit73cc06fd813e794b30ebbb25563b58531a823e43 (patch)
tree695dcad05eee14eadba9d0952148563769698acb /lib
parentKNF/whitespace nits (diff)
Avoid memleak caused by shadowing
The outer scope in x509_constraints_extract_names() contains a vname variable which will be freed on error, but an inner scope contains another vname that won't be freed, e.g., if x509_constraints_names_add fails. Found by llvm scan-build. ok beck
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/x509/x509_constraints.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_constraints.c b/lib/libcrypto/x509/x509_constraints.c
index 34795c07963..f50a55c6ac1 100644
--- a/lib/libcrypto/x509/x509_constraints.c
+++ b/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.7 2020/09/20 18:32:33 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.8 2020/09/20 19:13:06 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@@ -769,9 +769,12 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
}
subject_name = X509_get_subject_name(cert);
if (X509_NAME_entry_count(subject_name) > 0) {
- struct x509_constraints_name *vname = NULL;
X509_NAME_ENTRY *email;
X509_NAME_ENTRY *cn;
+
+ x509_constraints_name_free(vname);
+ vname = NULL;
+
/*
* This cert has a non-empty subject, so we must add
* the subject as a dirname to be compared against
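Review bot: The added `x509_constraints_name_free(vname); vname = NULL;` pair sits inside the `if (X509_NAME_entry_count(subject_name) > 0)` block, so it runs only for certificates with a non-empty subject. If the outer `vname` can still hold an allocation when control reaches this point (the code before the hunk is not visible, so this is an inference), the empty-subject path skips the release and depends on later code to free it. Hoisting the two lines to just above `subject_name = X509_get_subject_name(cert);` would cover both paths, and a one-line comment such as `/* outer vname is reused below; release anything it still holds */` would record why the reset exists. Because the leak came from shadowing in certificate-handling code, building this file with `-Wshadow` would flag the same pattern at compile time. The function starts and ends outside the hunk.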