Merge pull request #1034 from ndossche/clesss-9

x509attr: check for errors of sk_ASN1_TYPE_push() & use reserve call

Author: rhenium

ext/openssl/extconf.rb

@@ -135,6 +135,7 @@ def find_openssl_library
 evp_h = "openssl/evp.h".freeze
 ts_h = "openssl/ts.h".freeze
 ssl_h = "openssl/ssl.h".freeze
+stack_h = "openssl/stack.h".freeze
 
 # compile options
 have_func("RAND_egd()", "openssl/rand.h")
@@ -150,6 +151,9 @@ def find_openssl_library
 # added in OpenSSL 1.1.1 and LibreSSL 3.5.0, then removed in LibreSSL 4.0.0
 have_func("EVP_PKEY_check(NULL)", evp_h)
 
+# added in OpenSSL 1.1.1, currently not in LibreSSL
+have_func("OPENSSL_sk_new_reserve(NULL, 0)", stack_h)
+
 # added in 3.0.0
 have_func("SSL_CTX_set0_tmp_dh_pkey(NULL, NULL)", ssl_h)
 have_func("ERR_get_error_all(NULL, NULL, NULL, NULL, NULL)", "openssl/err.h")

ext/openssl/ossl_x509attr.c

@@ -235,13 +235,22 @@ ossl_x509attr_get_value(VALUE self)
     unsigned char *p;
 
     GetX509Attr(self, attr);
+    count = X509_ATTRIBUTE_count(attr);
     /* there is no X509_ATTRIBUTE_get0_set() :( */
+#ifdef HAVE_OPENSSL_SK_NEW_RESERVE
+    if (!(sk = sk_ASN1_TYPE_new_reserve(NULL, count)))
+        ossl_raise(eX509AttrError, "sk_new_reserve");
+#else
     if (!(sk = sk_ASN1_TYPE_new_null()))
         ossl_raise(eX509AttrError, "sk_new");
+#endif
 
-    count = X509_ATTRIBUTE_count(attr);
-    for (i = 0; i < count; i++)
-        sk_ASN1_TYPE_push(sk, (ASN1_TYPE *)X509_ATTRIBUTE_get0_type(attr, i));
+    for (i = 0; i < count; i++) {
+        if (!sk_ASN1_TYPE_push(sk, (ASN1_TYPE *)X509_ATTRIBUTE_get0_type(attr, i))) {
+            sk_ASN1_TYPE_free(sk);
+            ossl_raise(eX509AttrError, NULL);
+        }
+    }
 
     if ((len = i2d_ASN1_SET_ANY(sk, NULL)) <= 0) {
         sk_ASN1_TYPE_free(sk);