crypto/x509/pcy_node.c
/* | /* | ||||
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. | * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. | ||||
* | * | ||||
* Licensed under the Apache License 2.0 (the "License"). You may not use | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||||
* this file except in compliance with the License. You can obtain a copy | * this file except in compliance with the License. You can obtain a copy | ||||
Context not available. | |||||
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, | X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, | ||||
X509_POLICY_DATA *data, | X509_POLICY_DATA *data, | ||||
X509_POLICY_NODE *parent, | X509_POLICY_NODE *parent, | ||||
X509_POLICY_TREE *tree) | X509_POLICY_TREE *tree, | ||||
int extra_data) | |||||
{ | { | ||||
X509_POLICY_NODE *node; | X509_POLICY_NODE *node; | ||||
/* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ | |||||
if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) | |||||
return NULL; | |||||
node = OPENSSL_zalloc(sizeof(*node)); | node = OPENSSL_zalloc(sizeof(*node)); | ||||
if (node == NULL) { | if (node == NULL) { | ||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); | ||||
Context not available. | |||||
} | } | ||||
node->data = data; | node->data = data; | ||||
node->parent = parent; | node->parent = parent; | ||||
if (level) { | if (level != NULL) { | ||||
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { | if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { | ||||
if (level->anyPolicy) | if (level->anyPolicy) | ||||
goto node_error; | goto node_error; | ||||
Context not available. | |||||
} | } | ||||
} | } | ||||
if (tree) { | if (extra_data) { | ||||
if (tree->extra_data == NULL) | if (tree->extra_data == NULL) | ||||
tree->extra_data = sk_X509_POLICY_DATA_new_null(); | tree->extra_data = sk_X509_POLICY_DATA_new_null(); | ||||
if (tree->extra_data == NULL){ | if (tree->extra_data == NULL){ | ||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); | ||||
goto node_error; | goto extra_data_error; | ||||
} | } | ||||
if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) { | if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) { | ||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); | ||||
goto node_error; | goto extra_data_error; | ||||
} | } | ||||
} | } | ||||
tree->node_count++; | |||||
if (parent) | if (parent) | ||||
parent->nchild++; | parent->nchild++; | ||||
return node; | return node; | ||||
extra_data_error: | |||||
if (level != NULL) { | |||||
if (level->anyPolicy == node) | |||||
level->anyPolicy = NULL; | |||||
else | |||||
(void) sk_X509_POLICY_NODE_pop(level->nodes); | |||||
} | |||||
node_error: | node_error: | ||||
ossl_policy_node_free(node); | ossl_policy_node_free(node); | ||||
return NULL; | return NULL; | ||||
Context not available. |
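Review bot: The new size check at the top of ossl_policy_level_add_node() and the later `tree->node_count++` dereference `tree` unconditionally, while the left-hand (apparently old) side only touched it under `if (tree)`, so a NULL tree that previously meant "no extra data" would now be a NULL dereference; the callers are not shown here, so whether every one of them passes a tree needs confirming. I would state the new contract in a comment above the function, e.g. `/* tree must not be NULL; extra_data != 0 also records data in tree->extra_data */`. The limit path also returns NULL without an ERR_raise(), so as far as this section shows a caller cannot tell a tree-size rejection from an allocation failure; a short comment saying that is intended would help. Parts of the body are elided ("Context not available"), including the code that inserts the node into `level->nodes`, which the `extra_data_error` pop relies on being the most recent push.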