Fix resource leak in crls_http_cb()

When the function fails to push the second CRL to the stack, it
incorrectly uses sk_X509_CRL_free() instead of sk_X509_CRL_pop_free().
This destroys the stack container but orphans previously pushed
X509_CRL objects.

Replace it with sk_X509_CRL_pop_free passing X509_CRL_free as the
cleanup routine to ensure deep deallocation of any pushed items.

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/30372)
YZL0v3ZZ
2026-03-11 21:48:14 +08:00
committed by Todd Short
parent ee9e0f6d8f
commit 0d2874b37a
+1 -1
@@ -2677,7 +2677,7 @@ static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,
error:
X509_CRL_free(crl);
sk_X509_CRL_free(crls);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return NULL;
}
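Review bot: At the error label, X509_CRL_free(crl) now runs right before sk_X509_CRL_pop_free(crls, X509_CRL_free), so any path that reaches error with crl still pointing at an object already pushed onto crls would free that object twice. The lines shown here do not establish whether crl is cleared or reassigned after each successful sk_X509_CRL_push(), so please confirm that against the body of the function. If it is not already guaranteed, set crl = NULL immediately after each successful push, so the two cleanup calls can never cover the same X509_CRL. A short comment at the label stating that crl is only non-NULL when it is not owned by the stack would keep later edits from reintroducing either the leak or a double free.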