commit 076c6a3389e80153bb8f2d8198696af862bc05b7
author David Benjamin <davidben@google.com> Mon Mar 20 17:41:00 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Mar 21 14:51:17 2017 +0000
tree c6b7d55d2bc707e9319477442624aa38b451506d
parent aefc6b27e107df36a8d1705d216577745f53fb94

Fix a memory leak in X509_STORE_add_cert/crl error handling.

(Imported from upstream's c8ee68aa28889a1b7824ee399262536202f27cc0.)

Change-Id: If794793f766bf70fb35b60274e74d581fcb2b9de
Reviewed-on: https://boringssl-review.googlesource.com/14317
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

crypto/x509/x509_lu.c

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 9e45964..f2371bd 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -356,8 +356,12 @@
         OPENSSL_free(obj);
         OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE);
         ret = 0;
-    } else
-        sk_X509_OBJECT_push(ctx->objs, obj);
+    } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
+        X509_OBJECT_free_contents(obj);
+        OPENSSL_free(obj);
+        OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+        ret = 0;
+    }
 
     CRYPTO_MUTEX_unlock_write(&ctx->objs_lock);
 
@@ -388,8 +392,12 @@
         OPENSSL_free(obj);
         OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE);
         ret = 0;
-    } else
-        sk_X509_OBJECT_push(ctx->objs, obj);
+    } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
+        X509_OBJECT_free_contents(obj);
+        OPENSSL_free(obj);
+        OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+        ret = 0;
+    }
 
     CRYPTO_MUTEX_unlock_write(&ctx->objs_lock);