Don't free NCONF obtained values

Bug reported by Michel Sales. Reviewed-by: Rich Salz <rsalz@openssl.org>
2025-05-17 11:59:42 +00:00 · 2016-03-06 20:01:20 -05:00 · 2016-03-06 20:01:20 -05:00 · ebc4815fa5
commit ebc4815fa5
parent e1d9f1ab39
1 changed files with 15 additions and 9 deletions
--- a/apps/req.c
+++ b/apps/req.c
@ -198,7 +198,9 @@ int req_main(int argc, char **argv)
    char *extensions = NULL, *infile = NULL;
    char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
    char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
-    char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL;
+    char *passin = NULL, *passout = NULL;
+    char *nofree_passin = NULL, *nofree_passout = NULL;
+    char *req_exts = NULL, *subj = NULL;
    char *template = default_config_file, *keyout = NULL;
    const char *keyalg = NULL;
    OPTION_CHOICE o;
@ -436,15 +438,17 @@ int req_main(int argc, char **argv)
        }
    }

-    if (!passin) {
-        passin = NCONF_get_string(req_conf, SECTION, "input_password");
-        if (!passin)
+    if (passin == NULL) {
+        passin = nofree_passin =
+            NCONF_get_string(req_conf, SECTION, "input_password");
+        if (passin == NULL)
            ERR_clear_error();
    }

-    if (!passout) {
-        passout = NCONF_get_string(req_conf, SECTION, "output_password");
-        if (!passout)
+    if (passout == NULL) {
+        passout = nofree_passout =
+            NCONF_get_string(req_conf, SECTION, "output_password");
+        if (passout == NULL)
            ERR_clear_error();
    }

@ -862,7 +866,9 @@ int req_main(int argc, char **argv)
    X509_REQ_free(req);
    X509_free(x509ss);
    ASN1_INTEGER_free(serial);
+    if (passin != nofree_passin)
        OPENSSL_free(passin);
+    if (passout != nofree_passout)
        OPENSSL_free(passout);
    OBJ_cleanup();
    return (ret);