diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2017-02-05 02:33:22 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2017-02-05 02:33:22 +0000 |
| commit | 41454f725d2edcaecf44478761018c01c667326f (patch) | |
| tree | cd0fa122c68fb614c08bc33357833a8bdfae35f0 /lib/libcrypto/x509/x509_vfy.c | |
| parent | 51e55c19383bf92a655715869608d9f5b2587527 (diff) | |
Kill leak introduced with refactor
ok jsing@
Diffstat (limited to 'lib/libcrypto/x509/x509_vfy.c')
| -rw-r--r-- | lib/libcrypto/x509/x509_vfy.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index b81387a2373..fbed5ec8007 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.60 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1793,7 +1793,6 @@ internal_verify(X509_STORE_CTX *ctx) * peril). */ while (n >= 0) { - EVP_PKEY *pkey; /* * Skip signature check for self signed certificates @@ -1805,15 +1804,19 @@ internal_verify(X509_STORE_CTX *ctx) */ if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { + EVP_PKEY *pkey; if ((pkey = X509_get_pubkey(xi)) == NULL) { if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) return 0; } else if (X509_verify(xs, pkey) <= 0) { if (!verify_cb_cert(ctx, xs, n, - X509_V_ERR_CERT_SIGNATURE_FAILURE)) + X509_V_ERR_CERT_SIGNATURE_FAILURE)) { + EVP_PKEY_free(pkey); return 0; + } } + EVP_PKEY_free(pkey); } check_cert: /* Calls verify callback as needed */ |