X509_add_cert(): prevent double free on X509_up_ref() failure

siemens · Oct 4, 2023 · 234ddea · 234ddea
1 parent 310abeb
commit 234ddea
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
@@ -214,13 +214,15 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags)
         if (ret != 0)
             return ret > 0 ? 1 : 0;
     }
+
+    if ((flags & X509_ADD_FLAG_UP_REF) != 0 && !X509_up_ref(cert))
+        return 0;
     if (!sk_X509_insert(sk, cert,
                         (flags & X509_ADD_FLAG_PREPEND) != 0 ? 0 : -1)) {
+        X509_free(cert);
         ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB);
         return 0;
     }
-    if ((flags & X509_ADD_FLAG_UP_REF) != 0)
-        (void)X509_up_ref(cert);
     return 1;
 }