Free pcerts array for all assign_privkey paths.
Ensure the array pcerts is free'd for both success/fail paths. The function
gnutls_certificate_set_key() is odd as it takes ownership of the contents of
pcerts, but not the pcerts array itself. See:

gnutls-3.6.15/lib/cert-cred.c:gnutls_certificate_set_key()
...
new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size);
if (new_pcert_list == NULL) {
  return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
}
memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);

Signed-off-by: Tom Carroll <incentivedesign@gmail.com>
tomc797 committed Jan 8, 2021
1 parent 4df34b8 commit 3c9479a
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions gnutls.c
Expand Up @@ -584,7 +584,8 @@ static int assign_privkey(struct openconnect_info *vpninfo,
uint8_t *free_certs)
{
gnutls_pcert_st *pcerts = gnutls_calloc(nr_certs, sizeof(*pcerts));
int i, err;
unsigned int i;
int err;

if (!pcerts)
return GNUTLS_E_MEMORY_ERROR;
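Review bot: the change of `i` from `int` to `unsigned int` in the declarations at the top of assign_privkey() is not covered by the commit message, which describes only the pcerts leak. If the intent is to match the type of nr_certs in the `i < nr_certs` loop comparison, say so in the message or move it to its own commit; the declaration of nr_certs is not visible in this hunk, so it is worth confirming that it is unsigned as well.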
Expand All @@ -608,8 +609,8 @@ static int assign_privkey(struct openconnect_info *vpninfo,
free_pcerts:
for (i = 0 ; i < nr_certs; i++)
gnutls_pcert_deinit(pcerts + i);
free(pcerts);
}
free(pcerts);
return err;
}
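Review bot: the `free(pcerts)` now placed after the closing brace, just before `return err;`, releases with libc free() an array that the first hunk shows being allocated with gnutls_calloc(). Pairing it with gnutls_free(pcerts) keeps the allocator and deallocator in the same family. A short comment at that line recording that gnutls_certificate_set_key() copies the array and takes ownership only of its contents, as the commit message explains, would also keep the unconditional free from being reverted later as a suspected double free.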
