Use proper ref count handling when adding to x509 store

Colton Willey
2024-11-27 10:38:32 -08:00
parent e9a4f7de5f
commit c5df3cb6b6


@@ -1408,6 +1408,8 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA); result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA);
#if !defined(WOLFSSL_SIGNER_DER_CERT) #if !defined(WOLFSSL_SIGNER_DER_CERT)
if (result == WOLFSSL_SUCCESS && store->trusted != NULL) { if (result == WOLFSSL_SUCCESS && store->trusted != NULL) {
result = wolfSSL_X509_up_ref(x509);
if (result == WOLFSSL_SUCCESS) {
result = wolfSSL_sk_X509_push(store->trusted, x509); result = wolfSSL_sk_X509_push(store->trusted, x509);
if (result > 0) { if (result > 0) {
result = WOLFSSL_SUCCESS; result = WOLFSSL_SUCCESS;
@@ -1416,10 +1418,13 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
result = WOLFSSL_FATAL_ERROR; result = WOLFSSL_FATAL_ERROR;
} }
} }
}
#endif #endif
} }
else { else {
if (store->certs != NULL) { if (store->certs != NULL) {
result = wolfSSL_X509_up_ref(x509);
if (result == WOLFSSL_SUCCESS) {
result = wolfSSL_sk_X509_push(store->certs, x509); result = wolfSSL_sk_X509_push(store->certs, x509);
if (result > 0) { if (result > 0) {
result = WOLFSSL_SUCCESS; result = WOLFSSL_SUCCESS;
@@ -1428,6 +1433,7 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
result = WOLFSSL_FATAL_ERROR; result = WOLFSSL_FATAL_ERROR;
} }
} }
}
else { else {
/* If store->certs is NULL, this is an X509_STORE managed by an /* If store->certs is NULL, this is an X509_STORE managed by an
* SSL_CTX, preserve behavior and always add as USER_CA */ * SSL_CTX, preserve behavior and always add as USER_CA */
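Review bot: If `wolfSSL_sk_X509_push(store->trusted, x509)` fails after the new `wolfSSL_X509_up_ref(x509)` has succeeded, the failure branch visible at the top of the second hunk only sets `result = WOLFSSL_FATAL_ERROR;`, so the extra reference is never dropped and the certificate stays allocated after the caller frees its own reference. Releasing it in that branch, e.g. `wolfSSL_X509_free(x509);` right after the `WOLFSSL_FATAL_ERROR` assignment, would keep the count balanced. The same applies to the `store->certs` push, whose failure branch opens the third hunk. The `else` lines between the hunks are not shown, so this is inferred from the visible branch bodies; wolfSSL_X509_STORE_add_cert itself starts and ends outside the hunks.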