From 6f9e531003fd736e8e96d9a1a57f7763da9722b8 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 10 Feb 2023 09:53:43 +0100 Subject: [PATCH] CMS_add1_crl(): prevent double free on failure of CMS_add0_crl() Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/19199) --- crypto/cms/cms_lib.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index b5a4b315a3..2744306959 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -620,11 +620,12 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) { - int r; - r = CMS_add0_crl(cms, crl); - if (r > 0) - X509_CRL_up_ref(crl); - return r; + if (!X509_CRL_up_ref(crl)) + return 0; + if (CMS_add0_crl(cms, crl)) + return 1; + X509_CRL_free(crl); + return 0; } STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)