Fix loading more than one certificate in PEM format in X509_load_cert…

…_file_ex() Fixes #22895 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #22885)
openssl · Dec 4, 2023 · 20c680d · 20c680d
1 parent 7158339
commit 20c680d
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
@@ -128,6 +128,17 @@ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
                 count = 0;
                 goto err;
             }
+            /*
+             * X509_STORE_add_cert() added a reference rather than a copy,
+             * so we need a fresh X509 object.
+             */
+            X509_free(x);
+            x = X509_new_ex(libctx, propq);
+            if (x == NULL) {
+                ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
+                count = 0;
+                goto err;
+            }
             count++;
         }
     } else if (type == X509_FILETYPE_ASN1) {