diff --git a/gnutls.c b/gnutls.c index d858d72a..cc2e2104 100644 --- a/gnutls.c +++ b/gnutls.c @@ -1444,6 +1444,7 @@ static int load_certificate(struct openconnect_info *vpninfo) } while (1) { gnutls_x509_crt_t issuer; + void *tmp; for (i = 0; i < nr_extra_certs; i++) { if (extra_certs[i] && @@ -1486,9 +1487,11 @@ static int load_certificate(struct openconnect_info *vpninfo) } /* OK, we found a new cert to add to our chain. */ + tmp = supporting_certs; supporting_certs = gnutls_realloc(supporting_certs, sizeof(cert) * ++nr_supporting_certs); if (!supporting_certs) { + gnutls_free(tmp); vpn_progress(vpninfo, PRG_ERR, _("Failed to allocate memory for supporting certificates\n")); /* The world is probably about to end, but try without them anyway */ diff --git a/gnutls_pkcs12.c b/gnutls_pkcs12.c index 7da1c9cd..b009f3fa 100644 --- a/gnutls_pkcs12.c +++ b/gnutls_pkcs12.c @@ -61,11 +61,13 @@ unsigned int i; if (gnutls_x509_crt_check_issuer((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0 && gnutls_x509_crt_check_issuer((*extra_certs)[i], (*extra_certs)[i]) == 0) { + void *tmp = *chain; *chain = gnutls_realloc (*chain, sizeof((*chain)[0]) * ++(*chain_len)); if (*chain == NULL) { gnutls_assert(); + gnutls_free(tmp); return GNUTLS_E_MEMORY_ERROR; } (*chain)[*chain_len - 1] = (*extra_certs)[i]; @@ -398,12 +400,14 @@ gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, { /* they don't match - skip the certificate */ if (extra_certs) { + void *tmp = _extra_certs; _extra_certs = gnutls_realloc (_extra_certs, sizeof(_extra_certs[0]) * ++_extra_certs_len); if (!_extra_certs) { gnutls_assert (); + gnutls_free(tmp); ret = GNUTLS_E_MEMORY_ERROR; goto done; }