Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
GnuTLS: Fix password memory leaks
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Jun 12, 2012
1 parent d36cb52 commit 1e70b73
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions gnutls.c
Expand Up @@ -357,9 +357,11 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
gnutls_strerror(err));
return ret;
}

err = gnutls_pkcs12_simple_parse(p12, pass, key, chain, chain_len,
extra_certs, extra_certs_len, crl, 0);
free(pass);
vpninfo->cert_password = NULL;

gnutls_pkcs12_deinit(p12);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
Expand Down Expand Up @@ -719,10 +721,11 @@ static int load_certificate(struct openconnect_info *vpninfo)
ret = -EINVAL;
goto out;
}
vpninfo->cert_password = NULL;
if (pass) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to decrypt PKCS#8 certificate file\n"));
free (pass);
free(pass);
}
err = request_passphrase(vpninfo, &pass,
_("Enter PEM pass phrase:"));
Expand All @@ -731,6 +734,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
goto out;
}
}
free(pass);
vpninfo->cert_password = NULL;
}

/* Now attempt to make sure we use the *correct* certificate, to match the key */
Expand Down

0 comments on commit 1e70b73

Please sign in to comment.