Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix invalid/double free if PKCS#11 token does not include CA certs
Commit b06b862 ("Include supporting certificates from PKCS#11 tokens") calls gnutls_free() on an invalid 't.data' value if gnutls_pkcs11_get_raw_issuer() returns an error, and calls gnutls_x509_crt_deinit() twice on 'issuer' if gnutls_x509_crt_import() returns an error. If the Issuer cert is not available on the PKCS#11 token, then gnutls_pkcs11_get_raw_issuer() fails and the call to gnutls_free(t.data) causes libc to print the following message then kill the process: *** Error in `/usr/sbin/openconnect': double free or corruption (!prev): 0x0000555555c69ff0 *** Signed-off-by: Paul Donohue <git@PaulSD.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- Loading branch information