Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix abuse of gnutls_realloc() causing memory leaks
We need to free the original pointer, if gnutls_realloc() returns NULL.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Feb 18, 2013
1 parent 8dad4f3 commit 435f42c
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
3 changes: 3 additions & 0 deletions gnutls.c
Expand Up @@ -1444,6 +1444,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
}
while (1) {
gnutls_x509_crt_t issuer;
void *tmp;

for (i = 0; i < nr_extra_certs; i++) {
if (extra_certs[i] &&
Expand Down Expand Up @@ -1486,9 +1487,11 @@ static int load_certificate(struct openconnect_info *vpninfo)
}

/* OK, we found a new cert to add to our chain. */
tmp = supporting_certs;
supporting_certs = gnutls_realloc(supporting_certs,
sizeof(cert) * ++nr_supporting_certs);
if (!supporting_certs) {
gnutls_free(tmp);
vpn_progress(vpninfo, PRG_ERR,
_("Failed to allocate memory for supporting certificates\n"));
/* The world is probably about to end, but try without them anyway */
Expand Down
4 changes: 4 additions & 0 deletions gnutls_pkcs12.c
Expand Up @@ -61,11 +61,13 @@ unsigned int i;
if (gnutls_x509_crt_check_issuer((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0 &&
gnutls_x509_crt_check_issuer((*extra_certs)[i], (*extra_certs)[i]) == 0)
{
void *tmp = *chain;
*chain = gnutls_realloc (*chain, sizeof((*chain)[0]) *
++(*chain_len));
if (*chain == NULL)
{
gnutls_assert();
gnutls_free(tmp);
return GNUTLS_E_MEMORY_ERROR;
}
(*chain)[*chain_len - 1] = (*extra_certs)[i];
Expand Down Expand Up @@ -398,12 +400,14 @@ gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
{ /* they don't match - skip the certificate */
if (extra_certs)
{
void *tmp = _extra_certs;
_extra_certs = gnutls_realloc (_extra_certs,
sizeof(_extra_certs[0]) *
++_extra_certs_len);
if (!_extra_certs)
{
gnutls_assert ();
gnutls_free(tmp);
ret = GNUTLS_E_MEMORY_ERROR;
goto done;
}
Expand Down

0 comments on commit 435f42c

Please sign in to comment.