diff --git a/src/crl.c b/src/crl.c index b45ac954f4..6a03a39d71 100644 --- a/src/crl.c +++ b/src/crl.c @@ -87,6 +87,13 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) WOLFSSL_MSG("Init Mutex failed"); return BAD_MUTEX_E; } +#ifdef OPENSSL_ALL + { + int ret; + wolfSSL_RefInit(&crl->ref, &ret); + (void)ret; + } +#endif return 0; } @@ -213,7 +220,7 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap) WOLFSSL_ENTER("FreeCRL_Entry"); - while (tmp) { + while (tmp != NULL) { next = tmp->next; XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED); tmp = next; @@ -241,11 +248,24 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) { CRL_Entry* tmp; + WOLFSSL_ENTER("FreeCRL"); + if (crl == NULL) return; +#ifdef OPENSSL_ALL + { + int ret; + int doFree = 0; + wolfSSL_RefDec(&crl->ref, &doFree, &ret); + if (ret != 0) + WOLFSSL_MSG("Couldn't lock x509 mutex"); + if (!doFree) + return; + } +#endif + tmp = crl->crlList; - WOLFSSL_ENTER("FreeCRL"); #ifdef HAVE_CRL_MONITOR if (crl->monitors[0].path) XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); @@ -916,9 +936,17 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap) #ifndef CRL_STATIC_REVOKED_LIST dupl->certs = DupRevokedCertList(ent->certs, heap); + if (ent->certs != NULL && dupl->certs == NULL) { + CRL_Entry_free(dupl, heap); + return NULL; + } #endif #ifdef OPENSSL_EXTRA dupl->issuer = wolfSSL_X509_NAME_dup(ent->issuer); + if (ent->issuer != NULL && dupl->issuer == NULL) { + CRL_Entry_free(dupl, heap); + return NULL; + } #endif if (!ent->verified) { @@ -1035,6 +1063,8 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl) #endif dupl->crlList = DupCRL_list(crl->crlList, dupl->heap); + if (dupl->crlList == NULL) + return MEMORY_E; #ifdef HAVE_CRL_IO dupl->crlIOCb = crl->crlIOCb; #endif diff --git a/src/x509.c b/src/x509.c index 5a65b0459a..fec65d621e 100644 --- a/src/x509.c +++ b/src/x509.c @@ -14092,6 +14092,11 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj) if (obj->type == WOLFSSL_X509_LU_X509) { wolfSSL_X509_free(obj->data.x509); } + #ifdef HAVE_CRL + else if (obj->type == WOLFSSL_X509_LU_CRL) { + wolfSSL_X509_CRL_free(obj->data.crl); + } + #endif else { /* We don't free as this will point to * store->cm->crl which we don't own */ diff --git a/src/x509_str.c b/src/x509_str.c index b2c060703c..0e7c655e43 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1912,6 +1912,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( #ifdef HAVE_CRL if (store->cm->crl != NULL) { + int res; obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); @@ -1923,6 +1924,11 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( goto err_cleanup; } obj->type = WOLFSSL_X509_LU_CRL; + wolfSSL_RefInc(&store->cm->crl->ref, &res); + if (res != 0) { + WOLFSSL_MSG("Failed to lock crl mutex"); + goto err_cleanup; + } obj->data.crl = store->cm->crl; } #endif diff --git a/tests/api.c b/tests/api.c index 255fad337d..58cd6e2f7b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -55756,7 +55756,6 @@ static int test_X509_STORE_get0_objects(void) ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS); ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy)); - X509_CRL_free(crl); break; } #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 88f7b16168..09f218d332 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2637,6 +2637,9 @@ struct WOLFSSL_CRL { THREAD_TYPE tid; /* monitoring thread */ wolfSSL_CRL_mfd_t mfd; int setup; /* thread is setup predicate */ +#endif +#ifdef OPENSSL_ALL + wolfSSL_Ref ref; #endif void* heap; /* heap hint for dynamic memory */ };