Fix use-after-free in error case.

author: Carl Hetherington <cth@carlh.net> 2023-08-15 12:33:33 +0200
committer: Carl Hetherington <cth@carlh.net> 2023-08-15 12:33:33 +0200
commit: 28823f5d28857dc728df5a8e23c3c6ec23b5ee45 (patch)
tree: 18dce3610c6f7920252911a0fd5ee5f3bf81969f /src
parent: 545e3f54b104364b316318876a3d4e515de758b1 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 51f2ca68..449dba89 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -471,16 +471,18 @@ CertificateChain::chain_valid(List const & chain, string* error) const
 		}
 
 		int const v = X509_verify_cert (ctx);
-		X509_STORE_CTX_free (ctx);
 
 		if (v != 1) {
 			X509_STORE_free (store);
 			if (error) {
 				*error = X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx));
 			}
+			X509_STORE_CTX_free(ctx);
 			return false;
 		}
 
+		X509_STORE_CTX_free(ctx);
+
 		/* I don't know why OpenSSL doesn't check this stuff
 		   in verify_cert, but without these checks the
 		   certificates_validation8 test fails.
author	Carl Hetherington <cth@carlh.net>	2023-08-15 12:33:33 +0200
committer	Carl Hetherington <cth@carlh.net>	2023-08-15 12:33:33 +0200
commit	28823f5d28857dc728df5a8e23c3c6ec23b5ee45 (patch)
tree	18dce3610c6f7920252911a0fd5ee5f3bf81969f /src
parent	545e3f54b104364b316318876a3d4e515de758b1 (diff)