Fix a couple other leaks on failure in X509_verify_cert.
If get_issuer fails, some of these calls return rather than jumping to common
cleanup code.
Change-Id: Iacd59747fb11e9bfaae86f2eeed88798ee08203e
Reviewed-on: https://boringssl-review.googlesource.com/5711
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 4545d9d..c22ad34 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -252,7 +252,7 @@
{
ok = ctx->get_issuer(&xtmp, ctx, x);
if (ok < 0)
- return ok;
+ goto end;
/* If successful for now free up cert so it
* will be picked up again later.
*/
@@ -350,7 +350,7 @@
ok = ctx->get_issuer(&xtmp, ctx, x);
- if (ok < 0) return ok;
+ if (ok < 0) goto end;
if (ok == 0) break;
x = xtmp;