Commit 435f42cb authored by David Woodhouse's avatar David Woodhouse

Fix abuse of gnutls_realloc() causing memory leaks

We need to free the original pointer, if gnutls_realloc() returns NULL.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 8dad4f3a
......@@ -1444,6 +1444,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
}
while (1) {
gnutls_x509_crt_t issuer;
void *tmp;
for (i = 0; i < nr_extra_certs; i++) {
if (extra_certs[i] &&
......@@ -1486,9 +1487,11 @@ static int load_certificate(struct openconnect_info *vpninfo)
}
/* OK, we found a new cert to add to our chain. */
tmp = supporting_certs;
supporting_certs = gnutls_realloc(supporting_certs,
sizeof(cert) * ++nr_supporting_certs);
if (!supporting_certs) {
gnutls_free(tmp);
vpn_progress(vpninfo, PRG_ERR,
_("Failed to allocate memory for supporting certificates\n"));
/* The world is probably about to end, but try without them anyway */
......
......@@ -61,11 +61,13 @@ unsigned int i;
if (gnutls_x509_crt_check_issuer((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0 &&
gnutls_x509_crt_check_issuer((*extra_certs)[i], (*extra_certs)[i]) == 0)
{
void *tmp = *chain;
*chain = gnutls_realloc (*chain, sizeof((*chain)[0]) *
++(*chain_len));
if (*chain == NULL)
{
gnutls_assert();
gnutls_free(tmp);
return GNUTLS_E_MEMORY_ERROR;
}
(*chain)[*chain_len - 1] = (*extra_certs)[i];
......@@ -398,12 +400,14 @@ gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
{ /* they don't match - skip the certificate */
if (extra_certs)
{
void *tmp = _extra_certs;
_extra_certs = gnutls_realloc (_extra_certs,
sizeof(_extra_certs[0]) *
++_extra_certs_len);
if (!_extra_certs)
{
gnutls_assert ();
gnutls_free(tmp);
ret = GNUTLS_E_MEMORY_ERROR;
goto done;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment