CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2024/12/23 02:05:27
Modified files:
lib/libcrypto/x509: x509_utl.c
Log message:
Fix the error handling in X509V3_parse_list(3); it ignored failures
of the internal subroutine X509V3_add_value(), which could result
in silently losing part of the input data on memory exhaustion.
I independently rediscovered this bug while writing the documentation,
then noticed after fixing it that Zhou Qingyang <zhou1615 at umn dot edu>
fixed it in essentially the same way in OpenSSL 3 (commit bcd5645b
on Apr 11 02:05:19 2022 +0800), but it wasn't backported to the
OpenSSL 1.1.1 branch.
OK tb@
