Hello folks,
there seems to be a bug in pkcs12/p12_kiss.c:
PKCS12_parse():
if you enter the function with an allocated
ca stack and the parse fails,
the ca stack will be deallocated and the pointer not cleared.
this is bad because the stack was external allocated and
ist normally would be the responsibility of the calling
function to deallocate the stack.
Either clear the pointer
[...]
err:
if (pkey && *pkey) EVP_PKEY_free(*pkey);
if (cert && *cert) X509_free(*cert);
if (ca)
{
sk_X509_pop_free(*ca, X509_free);
*ca = NULL;
}
return 0;
[...]
Or (better):
[...]
int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509
**cert,
STACK_OF(X509) **ca)
{
int freeca=0;
/* Check for NULL PKCS12 structure */
if(!p12) {
PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
return 0;
}
/* Allocate stack for ca certificates if needed */
if ((ca != NULL) && (*ca == NULL)) {
if (!(*ca = sk_X509_new_null())) {
PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
return 0;
}
freeca=1;
}
[...]
err:
if (pkey && *pkey) EVP_PKEY_free(*pkey);
if (cert && *cert) X509_free(*cert);
if (ca && freeca) sk_X509_pop_free(*ca, X509_free);
return 0;
[...]
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
