From 3c9479ae8a93514bf4e613d7b38cdc864b1780bf Mon Sep 17 00:00:00 2001
From: Tom Carroll
Date: Fri, 8 Jan 2021 11:26:48 -0800
Subject: [PATCH] Free pcerts array for all assign_privkey paths.
Ensure the array pcerts is free'd for both success/fail paths. The function gnutls_certificate_set_key() is odd as it takes ownership of the contents of pcerts, but not the pcerts array itself. See: gnutls-3.6.15/lib/cert-cred.c:gnutls_certificate_set_key() ... new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size); if (new_pcert_list == NULL) { return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); } memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);
Signed-off-by: Tom Carroll
---
 gnutls.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnutls.c b/gnutls.c
index 7d5b9924..ffcf1ca7 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -584,7 +584,8 @@ static int assign_privkey(struct openconnect_info *vpninfo,
 uint8_t *free_certs)
 {
 gnutls_pcert_st *pcerts = gnutls_calloc(nr_certs, sizeof(*pcerts));
- int i, err;
+ unsigned int i;
+ int err;
 if (!pcerts)
 return GNUTLS_E_MEMORY_ERROR;
@@ -608,8 +609,8 @@ static int assign_privkey(struct openconnect_info *vpninfo,
 free_pcerts:
 for (i = 0 ; i < nr_certs; i++)
 gnutls_pcert_deinit(pcerts + i);
- free(pcerts);
 }
+ free(pcerts);
 return err;
 }
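Review bot: The now-unconditional `free(pcerts);` after the `if (err)` block is safe only if gnutls_certificate_set_key() never retains the caller's array, and the commit message checks this against gnutls-3.6.15 alone. If the project still builds against a GnuTLS release whose implementation stores the passed pointer instead of copying it, the success path would leave the credentials pointing at freed memory. The oldest supported GnuTLS version should therefore be confirmed, or the free made conditional on it. It would also help to record the ownership rule next to the call, e.g. `/* set_key() takes the pcert contents on success, never the array itself */`. The body of assign_privkey starts outside this hunk, so the `goto free_pcerts` paths cannot be checked from here.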