Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
GnuTLS: Fix password memory leaks
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Jun 12, 2012
1 parent d36cb52 commit 1e70b73
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion gnutls.c
Expand Up @@ -357,9 +357,11 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
gnutls_strerror(err));
return ret;
}

err = gnutls_pkcs12_simple_parse(p12, pass, key, chain, chain_len,
extra_certs, extra_certs_len, crl, 0);
free(pass);
vpninfo->cert_password = NULL;

gnutls_pkcs12_deinit(p12);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
Expand Down Expand Up @@ -719,6 +721,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
ret = -EINVAL;
goto out;
}
vpninfo->cert_password = NULL;
if (pass) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to decrypt PKCS#8 certificate file\n"));
Expand All @@ -731,6 +734,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
goto out;
}
}
free(pass);
vpninfo->cert_password = NULL;
}

/* Now attempt to make sure we use the *correct* certificate, to match the key */
Expand Down

0 comments on commit 1e70b73

Please sign in to comment.