mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-04 12:41:00 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: acme: fix X509_NAME leak when X509_set_issuer_name() fails

Browse Source 
In acme_gen_tmp_x509(), if X509_set_issuer_name() fails, the code
jumped to the mkcert_error label without freeing the previously
allocated X509_NAME object. The other error paths after X509_NAME_new()
(X509_NAME_add_entry_by_txt and X509_set_subject_name) already properly
freed the name before jumping to mkcert_error, but this one was missed.

Fix this by freeing name before the goto, consistent with the other
error paths in the same function.

Must be backported as far as 3.3.
This commit is contained in:
David Carlier 2026-02-18 21:55:00 +00:00 committed by William Lallemand
parent 92e3635679
commit 194a67600e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/acme.c
View File

@ -2681,8 +2681,10 @@ X509 *acme_gen_tmp_x509()
goto mkcert_error;
}
/* Set issuer name as itself */
if (X509_set_issuer_name(newcrt, name) != 1)
if (X509_set_issuer_name(newcrt, name) != 1) {
X509_NAME_free(name);
goto mkcert_error;
}
X509_NAME_free(name);
/* Autosign the certificate with the private key */