CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/08/29 18:49:32
Modified files:
lib/libcrypto/x509: x509_alt.c
Log message:
Fix leaks in copy_issuer()
The stack of subject alternative names from the issuer is parsed using
X509V3_EXT_d2i(), so it must be freed with sk_GENERAL_NAME_pop_free().
It's not worth doing complicated ownership handling when the individual
alternative names can be copied with GENERAL_NAME_dup().
Previously, ialt and its remaining members would be leaked when the call
to sk_GENERAL_NAME_push() failed halfway through.
This is only reachable via the issuer:copy x509v3.cnf(5) directive.
ok jsing
