mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-03-28 19:41:28 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: acme: leak of ext_san upon insertion error

Browse Source 
This patch fixes a leak of the ext_san structure when
sk_X509_EXTENSION_push() failed. sk_X509_EXTENSION_pop_free() is already
suppose to free it, so ext_san must be set to NULL upon success to avoid
a double-free.

Must be backported to 3.2 and later.
This commit is contained in:
William Lallemand 2026-03-23 11:42:43 +01:00
parent c6fc53aa99
commit 5a0fbbf1ca
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/acme.c
View File

@ -2528,7 +2528,7 @@ X509_REQ *acme_x509_req(EVP_PKEY *pkey, char **san)
X509_REQ *x = NULL;
X509_NAME *nm = NULL;
STACK_OF(X509_EXTENSION) *exts = NULL;
X509_EXTENSION *ext_san;
X509_EXTENSION *ext_san = NULL;
char *str_san = NULL;
int i = 0;
@ -2566,6 +2566,9 @@ X509_REQ *acme_x509_req(EVP_PKEY *pkey, char **san)
if (!sk_X509_EXTENSION_push(exts, ext_san))
goto error;
ext_san = NULL; /* handle double-free upon error */
if (!X509_REQ_add_extensions(x, exts))
goto error;
@ -2580,6 +2583,7 @@ X509_REQ *acme_x509_req(EVP_PKEY *pkey, char **san)
return x;
error:
X509_EXTENSION_free(ext_san);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
X509_REQ_free(x);
X509_NAME_free(nm);