From 435f42cb509fe62cbf9ada676f6c6d649e6e3629 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Mon, 18 Feb 2013 01:04:44 +0000
Subject: [PATCH] Fix abuse of gnutls_realloc() causing memory leaks

We need to free the original pointer, if gnutls_realloc() returns NULL.

Signed-off-by: David Woodhouse
---
 gnutls.c | 3 +++
 gnutls_pkcs12.c | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/gnutls.c b/gnutls.c
index d858d72a..cc2e2104 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -1444,6 +1444,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 } while (1) { gnutls_x509_crt_t issuer;
+ void *tmp;
 for (i = 0; i < nr_extra_certs; i++) { if (extra_certs[i] &&
@@ -1486,9 +1487,11 @@ static int load_certificate(struct openconnect_info *vpninfo)
 } /* OK, we found a new cert to add to our chain. */
+ tmp = supporting_certs;
 supporting_certs = gnutls_realloc(supporting_certs, sizeof(cert) * ++nr_supporting_certs); if (!supporting_certs) {
+ gnutls_free(tmp);
 vpn_progress(vpninfo, PRG_ERR, _("Failed to allocate memory for supporting certificates\n")); /* The world is probably about to end, but try without them anyway */
diff --git a/gnutls_pkcs12.c b/gnutls_pkcs12.c
index 7da1c9cd..b009f3fa 100644
--- a/gnutls_pkcs12.c
+++ b/gnutls_pkcs12.c
@@ -61,11 +61,13 @@ unsigned int i;
 if (gnutls_x509_crt_check_issuer((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0 && gnutls_x509_crt_check_issuer((*extra_certs)[i], (*extra_certs)[i]) == 0) {
+ void *tmp = *chain;
 *chain = gnutls_realloc (*chain, sizeof((*chain)[0]) * ++(*chain_len)); if (*chain == NULL) { gnutls_assert();
+ gnutls_free(tmp);
 return GNUTLS_E_MEMORY_ERROR; } (*chain)[*chain_len - 1] = (*extra_certs)[i];
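Review bot: On the failure branch in the second gnutls.c hunk, `nr_supporting_certs` has already been incremented by the `++nr_supporting_certs` inside the realloc argument, while `supporting_certs` is now NULL and the old array has been freed. The comment on that branch says to "try without them anyway", so unless the lines after the hunk reset the count, any later walk over the chain would index a NULL array. Growing into the temporary keeps pointer and count consistent: `tmp = gnutls_realloc(supporting_certs, sizeof(cert) * (nr_supporting_certs + 1));`, then `supporting_certs = tmp; nr_supporting_certs++;` only when `tmp` is non-NULL. If the array is meant to be dropped on failure, add `nr_supporting_certs = 0;` next to `gnutls_free(tmp);`. The rest of load_certificate is outside the hunk, so the later use of the count is inferred.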
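Review bot: In both gnutls_pkcs12.c hunks the failure branch frees only the array, not the certificate handles stored in it, and leaves the length (`*chain_len`, `_extra_certs_len`) already incremented next to a NULL pointer. The elements are used as certificate handles (`(*chain)[*chain_len - 1]` is passed to `gnutls_x509_crt_check_issuer`), so if the array owns them they become unreachable once `*chain` or `_extra_certs` is NULL; the cleanup after `goto done` and in the caller is outside these hunks, so this is inferred. Assigning the result only on success avoids both problems, e.g. `void *tmp = gnutls_realloc (*chain, sizeof((*chain)[0]) * (*chain_len + 1));` followed by `*chain = tmp; ++(*chain_len);` when `tmp` is non-NULL, leaving the old array and length intact for the existing error path to release.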
@@ -398,12 +400,14 @@ gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
 { /* they don't match - skip the certificate */ if (extra_certs) {
+ void *tmp = _extra_certs;
 _extra_certs = gnutls_realloc (_extra_certs, sizeof(_extra_certs[0]) * ++_extra_certs_len); if (!_extra_certs) { gnutls_assert ();
+ gnutls_free(tmp);
 ret = GNUTLS_E_MEMORY_ERROR; goto done; }