Merge pull request #8233 from ColtonWilley/x509_store_add_cert_ref_count

Use proper ref count handling when adding to x509 store
2025-07-31 19:24:42 +02:00 · 2024-12-11 11:54:29 -06:00
parent 7ef328548d c192cbabe8
commit 2ea2e6bf59
1 changed files with 23 additions and 21 deletions
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -1102,11 +1102,9 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
    if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL)
        goto err_exit;

-#if !defined(WOLFSSL_SIGNER_DER_CERT)
    if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL)
        goto err_exit;
 #endif
-#endif

 #ifdef HAVE_CRL
    store->crl = store->cm->crl;
@@ -1196,20 +1194,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
            }
 #if defined(OPENSSL_EXTRA)
            if (store->certs != NULL) {
-                wolfSSL_sk_X509_free(store->certs);
+                wolfSSL_sk_X509_pop_free(store->certs, NULL);
                store->certs = NULL;
            }
            if (store->owned != NULL) {
-                wolfSSL_sk_X509_pop_free(store->owned, wolfSSL_X509_free);
+                wolfSSL_sk_X509_pop_free(store->owned, NULL);
                store->owned = NULL;
            }
-#if !defined(WOLFSSL_SIGNER_DER_CERT)
            if (store->trusted != NULL) {
-                wolfSSL_sk_X509_free(store->trusted);
+                wolfSSL_sk_X509_pop_free(store->trusted, NULL);
                store->trusted = NULL;
            }
 #endif
-#endif
 #ifdef OPENSSL_ALL
            if (store->objs != NULL) {
                X509StoreFreeObjList(store, store->objs);
@@ -1406,26 +1402,32 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
         * CA=TRUE */
        if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) {
            result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA);
-    #if !defined(WOLFSSL_SIGNER_DER_CERT)
            if (result == WOLFSSL_SUCCESS && store->trusted != NULL) {
-                result = wolfSSL_sk_X509_push(store->trusted, x509);
-                if (result > 0) {
-                    result = WOLFSSL_SUCCESS;
-                }
-                else {
-                    result = WOLFSSL_FATAL_ERROR;
+                result = wolfSSL_X509_up_ref(x509);
+                if (result == WOLFSSL_SUCCESS) {
+                    result = wolfSSL_sk_X509_push(store->trusted, x509);
+                    if (result > 0) {
+                        result = WOLFSSL_SUCCESS;
+                    }
+                    else {
+                        result = WOLFSSL_FATAL_ERROR;
+                        wolfSSL_X509_free(x509);
+                    }
                }
            }
-    #endif
        }
        else {
            if (store->certs != NULL) {
-                result = wolfSSL_sk_X509_push(store->certs, x509);
-                if (result > 0) {
-                    result = WOLFSSL_SUCCESS;
-                }
-                else {
-                    result = WOLFSSL_FATAL_ERROR;
+                result = wolfSSL_X509_up_ref(x509);
+                if (result == WOLFSSL_SUCCESS) {
+                    result = wolfSSL_sk_X509_push(store->certs, x509);
+                    if (result > 0) {
+                        result = WOLFSSL_SUCCESS;
+                    }
+                    else {
+                        result = WOLFSSL_FATAL_ERROR;
+                        wolfSSL_X509_free(x509);
+                    }
                }
            }
            else {