d2i_X509(): Make deallocation behavior consistent with d2i_X509_AUX()

Partly fixes #13754 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13755)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-12-30 09:46:38 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-01-13 11:19:17 +0100
commit: 3339606a38cc9023c807428b429e01cfa1fde4d9 (patch)
tree: 7db54a7aeb64b68dd75df8a3edaa325b96cab3ef /crypto/x509/x_x509.c
parent: 48116c2d0fbb1db875e2bc703c08089bf3c5c5c3 (diff)
download: openssl-new-3339606a38cc9023c807428b429e01cfa1fde4d9.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index b09fa2754a..287b6c2a1e 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -125,12 +125,16 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 X509 *d2i_X509(X509 **a, const unsigned char **in, long len)
 {
     X509 *cert = NULL;
+    int free_on_error = a != NULL && *a == NULL;
 
     cert = (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (X509_it()));
     /* Only cache the extensions if the cert object was passed in */
     if (cert != NULL && a != NULL) {
-        if (!x509v3_cache_extensions(cert))
+        if (!x509v3_cache_extensions(cert)) {
+            if (free_on_error)
+                X509_free(cert);
             cert = NULL;
+        }
     }
     return cert;
 }
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-12-30 09:46:38 +0100
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-01-13 11:19:17 +0100
commit	3339606a38cc9023c807428b429e01cfa1fde4d9 (patch)
tree	7db54a7aeb64b68dd75df8a3edaa325b96cab3ef /crypto/x509/x_x509.c
parent	48116c2d0fbb1db875e2bc703c08089bf3c5c5c3 (diff)
download	openssl-new-3339606a38cc9023c807428b429e01cfa1fde4d9.tar.gz