> Actually, it needs freeing only here. If lh_OBJ_NAME_error() returns 0,
> there was no error and a hash-entry containing NULL was replaced.

The below diff is ok if you want to commit.

PS: our initial diff causes a uaf caught by omalloc via:

$ openssl x509 -in /etc/ssl/cert.pem -out /dev/null

Index: objects/o_names.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/objects/o_names.c,v
retrieving revision 1.22
diff -u -p -r1.22 o_names.c
--- objects/o_names.c   29 Jan 2017 17:49:23 -0000      1.22
+++ objects/o_names.c   8 Nov 2022 17:35:42 -0000
@@ -197,6 +197,7 @@ OBJ_NAME_add(const char *name, int type,
                free(ret);
        } else {
                if (lh_OBJ_NAME_error(names_lh)) {
+                       free(onp);
                        /* ERROR */
                        return (0);
                }
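Review bot: The free(onp) added in the lh_OBJ_NAME_error(names_lh) branch sits above a bare /* ERROR */ comment that says nothing about why onp is released on this path and no other. The thread establishes that when lh_OBJ_NAME_error() returns 0 there was no error, so onp must stay allocated, and that an earlier version of the diff caused a use-after-free. Consider expanding the comment to state that the insert failed and onp was not stored, and moving it above the free(onp) so it precedes the cleanup it explains.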
