Merge pull request #537 from rhenium/ky/x509-delete-attr-cleanup

rhenium · web-flow · commit 317bd5cd1bd3 · 2022-09-02T15:28:13.000+09:00
x509*: fix error queue leak in #extensions= and #attributes= methods
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
@@ -642,12 +642,12 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509(self, x509);
-    while ((ext = X509_delete_ext(x509, 0)))
-	X509_EXTENSION_free(ext);
+    for (i = X509_get_ext_count(x509); i > 0; i--)
+        X509_EXTENSION_free(X509_delete_ext(x509, 0));
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	ext = GetX509ExtPtr(RARRAY_AREF(ary, i));
 	if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext */
-	    ossl_raise(eX509CertError, NULL);
+	    ossl_raise(eX509CertError, "X509_add_ext");
 	}
     }
 
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
@@ -474,12 +474,12 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509CRL(self, crl);
-    while ((ext = X509_CRL_delete_ext(crl, 0)))
-	X509_EXTENSION_free(ext);
+    for (i = X509_CRL_get_ext_count(crl); i > 0; i--)
+        X509_EXTENSION_free(X509_CRL_delete_ext(crl, 0));
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
 	if (!X509_CRL_add_ext(crl, ext, -1)) {
-	    ossl_raise(eX509CRLError, NULL);
+	    ossl_raise(eX509CRLError, "X509_CRL_add_ext");
 	}
     }
 
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
@@ -380,13 +380,13 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
     }
     GetX509Req(self, req);
-    while ((attr = X509_REQ_delete_attr(req, 0)))
-	X509_ATTRIBUTE_free(attr);
+    for (i = X509_REQ_get_attr_count(req); i > 0; i--)
+        X509_ATTRIBUTE_free(X509_REQ_delete_attr(req, 0));
     for (i=0;i<RARRAY_LEN(ary); i++) {
 	item = RARRAY_AREF(ary, i);
 	attr = GetX509AttrPtr(item);
 	if (!X509_REQ_add1_attr(req, attr)) {
-	    ossl_raise(eX509ReqError, NULL);
+	    ossl_raise(eX509ReqError, "X509_REQ_add1_attr");
 	}
     }
     return ary;
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
@@ -223,13 +223,13 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509Rev(self, rev);
-    while ((ext = X509_REVOKED_delete_ext(rev, 0)))
-	X509_EXTENSION_free(ext);
+    for (i = X509_REVOKED_get_ext_count(rev); i > 0; i--)
+        X509_EXTENSION_free(X509_REVOKED_delete_ext(rev, 0));
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	item = RARRAY_AREF(ary, i);
 	ext = GetX509ExtPtr(item);
 	if(!X509_REVOKED_add_ext(rev, ext, -1)) {
-	    ossl_raise(eX509RevError, NULL);
+	    ossl_raise(eX509RevError, "X509_REVOKED_add_ext");
 	}
     }
 

Original file line number	Diff line number	Diff line change
`@@ -642,12 +642,12 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)`
`642`	`642`	`OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);`
`643`	`643`	`}`
`644`	`644`	`GetX509(self, x509);`
`645`		`- while ((ext = X509_delete_ext(x509, 0)))`
`646`		`- X509_EXTENSION_free(ext);`
	`645`	`+ for (i = X509_get_ext_count(x509); i > 0; i--)`
	`646`	`+ X509_EXTENSION_free(X509_delete_ext(x509, 0));`
`647`	`647`	`for (i=0; i<RARRAY_LEN(ary); i++) {`
`648`	`648`	`ext = GetX509ExtPtr(RARRAY_AREF(ary, i));`
`649`	`649`	`if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext */`
`650`		`- ossl_raise(eX509CertError, NULL);`
	`650`	`+ ossl_raise(eX509CertError, "X509_add_ext");`
`651`	`651`	`}`
`652`	`652`	`}`
`653`	`653`
Original file line number	Diff line number	Diff line change
`@@ -474,12 +474,12 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)`
`474`	`474`	`OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);`
`475`	`475`	`}`
`476`	`476`	`GetX509CRL(self, crl);`
`477`		`- while ((ext = X509_CRL_delete_ext(crl, 0)))`
`478`		`- X509_EXTENSION_free(ext);`
	`477`	`+ for (i = X509_CRL_get_ext_count(crl); i > 0; i--)`
	`478`	`+ X509_EXTENSION_free(X509_CRL_delete_ext(crl, 0));`
`479`	`479`	`for (i=0; i<RARRAY_LEN(ary); i++) {`
`480`	`480`	`ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */`
`481`	`481`	`if (!X509_CRL_add_ext(crl, ext, -1)) {`
`482`		`- ossl_raise(eX509CRLError, NULL);`
	`482`	`+ ossl_raise(eX509CRLError, "X509_CRL_add_ext");`
`483`	`483`	`}`
`484`	`484`	`}`
`485`	`485`
Original file line number	Diff line number	Diff line change
`@@ -380,13 +380,13 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)`
`380`	`380`	`OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);`
`381`	`381`	`}`
`382`	`382`	`GetX509Req(self, req);`
`383`		`- while ((attr = X509_REQ_delete_attr(req, 0)))`
`384`		`- X509_ATTRIBUTE_free(attr);`
	`383`	`+ for (i = X509_REQ_get_attr_count(req); i > 0; i--)`
	`384`	`+ X509_ATTRIBUTE_free(X509_REQ_delete_attr(req, 0));`
`385`	`385`	`for (i=0;i<RARRAY_LEN(ary); i++) {`
`386`	`386`	`item = RARRAY_AREF(ary, i);`
`387`	`387`	`attr = GetX509AttrPtr(item);`
`388`	`388`	`if (!X509_REQ_add1_attr(req, attr)) {`
`389`		`- ossl_raise(eX509ReqError, NULL);`
	`389`	`+ ossl_raise(eX509ReqError, "X509_REQ_add1_attr");`
`390`	`390`	`}`
`391`	`391`	`}`
`392`	`392`	`return ary;`
Original file line number	Diff line number	Diff line change
`@@ -223,13 +223,13 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)`
`223`	`223`	`OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);`
`224`	`224`	`}`
`225`	`225`	`GetX509Rev(self, rev);`
`226`		`- while ((ext = X509_REVOKED_delete_ext(rev, 0)))`
`227`		`- X509_EXTENSION_free(ext);`
	`226`	`+ for (i = X509_REVOKED_get_ext_count(rev); i > 0; i--)`
	`227`	`+ X509_EXTENSION_free(X509_REVOKED_delete_ext(rev, 0));`
`228`	`228`	`for (i=0; i<RARRAY_LEN(ary); i++) {`
`229`	`229`	`item = RARRAY_AREF(ary, i);`
`230`	`230`	`ext = GetX509ExtPtr(item);`
`231`	`231`	`if(!X509_REVOKED_add_ext(rev, ext, -1)) {`
`232`		`- ossl_raise(eX509RevError, NULL);`
	`232`	`+ ossl_raise(eX509RevError, "X509_REVOKED_add_ext");`
`233`	`233`	`}`
`234`	`234`	`}`
`235`	`235`