From 403acadf1a9fb431e188a8c084527d32c0c6fe9a Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 22 May 2023 10:52:51 +1000
Subject: [PATCH] X509 NAME ENTRY create: ensure existing object is not lost wolfSSL_X509_NAME_ENTRY_create_by_txt and wolfSSL_X509_NAME_ENTRY_create_by_NID:
- object field was being reused if it existed but lost on error
- extracted common code
- store object only on success, ie object is not NULL
---
 src/x509.c | 56 +++++++++++++++++++++++++++---------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)
diff --git a/src/x509.c b/src/x509.c
index abecda5e3..6af781778 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -11383,6 +11383,31 @@ err:
 return ne;
 }
+ static void wolfssl_x509_name_entry_set(WOLFSSL_X509_NAME_ENTRY* ne,
+ int nid, int type, const unsigned char *data, int dataSz)
+ {
+ WOLFSSL_ASN1_OBJECT* object;
+
+ ne->nid = nid;
+ /* Reuse the object if already available. */
+ object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
+ if (object != NULL) {
+ /* Set the object when no error. */
+ ne->object = object;
+ }
+ ne->value = wolfSSL_ASN1_STRING_type_new(type);
+ if (ne->value != NULL) {
+ if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data,
+ dataSz) == WOLFSSL_SUCCESS) {
+ ne->set = 1;
+ }
+ else {
+ /* Free the ASN1_STRING if it is not set. */
+ wolfSSL_ASN1_STRING_free(ne->value);
+ ne->value = NULL;
+ }
+ }
+ }
 /* Create a new WOLFSSL_X509_NAME_ENTRY structure based on the text passed
 * in. Returns NULL on failure */
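Review bot: `ne->value = wolfSSL_ASN1_STRING_type_new(type);` in the new helper overwrites whatever value the entry already held, so the care this commit takes with `ne->object` is not mirrored for `ne->value`. When the entry is a reused one (the `ne = *out` path visible in the last hunk), a string it already owned would presumably be leaked, and after a failed set `ne->set` keeps its previous value while `ne->value` becomes NULL. If the entry owns that string, release and reset it before allocating: `if (ne->value != NULL) { wolfSSL_ASN1_STRING_free(ne->value); ne->value = NULL; }` followed by `ne->set = 0;`. Separately, `ne->nid = nid;` is assigned before the lookup, so when `wolfSSL_OBJ_nid2obj_ex` returns NULL the entry is left with the new nid and the old object; moving the assignment inside `if (object != NULL)` would keep the two consistent.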
@@ -11415,20 +11440,8 @@ err:
 return NULL;
 }
 }
- ne->nid = nid;
- ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
- ne->value = wolfSSL_ASN1_STRING_type_new(type);
- if (ne->value != NULL) {
- if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data,
- dataSz) == WOLFSSL_SUCCESS) {
- ne->set = 1;
- }
- else {
- /* Free the ASN1_STRING if it is not set. */
- wolfSSL_ASN1_STRING_free(ne->value);
- ne->value = NULL;
- }
- }
+
+ wolfssl_x509_name_entry_set(ne, nid, type, data, dataSz);
 }
 return ne;
@@ -11469,20 +11482,7 @@ err:
 ne = *out;
 }
- ne->nid = nid;
- ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
- ne->value = wolfSSL_ASN1_STRING_type_new(type);
- if (ne->value != NULL) {
- if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz)
- == WOLFSSL_SUCCESS) {
- ne->set = 1;
- }
- else {
- /* Free the ASN1_STRING if it is not set. */
- wolfSSL_ASN1_STRING_free(ne->value);
- ne->value = NULL;
- }
- }
+ wolfssl_x509_name_entry_set(ne, nid, type, data, dataSz);
 return ne;
 }
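Review bot: Both call sites (this hunk and the one after it) still reach `return ne;` unconditionally, because `wolfssl_x509_name_entry_set` returns `void`. A failed object lookup, string allocation or `wolfSSL_ASN1_STRING_set` therefore hands back a non-NULL entry with no value, although the comment above the first function says "Returns NULL on failure". An entry that silently lacks its value is risky to pass on to whatever builds a name from it, so the failure should be visible to the caller. Have the helper return a status and test it at both sites, for example `if (wolfssl_x509_name_entry_set(ne, nid, type, data, dataSz) != WOLFSSL_SUCCESS) { /* free ne only if allocated here */ return NULL; }`. Both enclosing functions begin outside these hunks, so whether `ne` was allocated locally or supplied through `out` needs to be checked there before anything is freed.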