Destroy vpninfo->https_cred on failing to create it
If something like certificate setup went wrong, we'd return failure but
*not* destroy the gnutls_certificate_credentials_t that we were
attempting to set up. So a subsequent retry would see that it already
exists, assume it's *fine* and just go ahead and use it. Don't do that.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Mar 4, 2013
1 parent ed14a30 commit 82237a9
Showing 1 changed file with 12 additions and 1 deletion.
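--- a/gnutls.c
+++ b/gnutls.c
@@ -1782,8 +1782,11 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 unsigned int nr_certs;
 
 err = load_datum(vpninfo, &datum, vpninfo->cafile);
-if (err < 0)
+if (err < 0) {
+gnutls_certificate_free_credentials(vpninfo->https_cred);
+vpninfo->https_cred = NULL;
 return err;
+}
 
 /* For GnuTLS 3.x We should use gnutls_x509_crt_list_import2() */
 nr_certs = count_x509_certificates(&datum);
@@ -1796,6 +1799,8 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 vpn_progress(vpninfo, PRG_ERR,
 _("Failed to allocate memory for cafile certs\n"));
 gnutls_free(datum.data);
+gnutls_certificate_free_credentials(vpninfo->https_cred);
+vpninfo->https_cred = NULL;
 close(ssl_sock);
 return -ENOMEM;
 }
@@ -1815,6 +1820,8 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 vpn_progress(vpninfo, PRG_ERR,
 _("Failed to read certs from cafile: %s\n"),
 gnutls_strerror(err));
+gnutls_certificate_free_credentials(vpninfo->https_cred);
+vpninfo->https_cred = NULL;
 close(ssl_sock);
 return -EINVAL;
 }
@@ -1829,6 +1836,8 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 vpn_progress(vpninfo, PRG_ERR,
 _("Failed to open CA file '%s': %s\n"),
 vpninfo->cafile, gnutls_strerror(err));
+gnutls_certificate_free_credentials(vpninfo->https_cred);
+vpninfo->https_cred = NULL;
 close(ssl_sock);
 return -EINVAL;
 }
@@ -1839,6 +1848,8 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 if (err) {
 vpn_progress(vpninfo, PRG_ERR,
 _("Loading certificate failed. Aborting.\n"));
+gnutls_certificate_free_credentials(vpninfo->https_cred);
+vpninfo->https_cred = NULL;
 close(ssl_sock);
 return err;
 }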
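Review bot: The first error path, the `load_datum()` failure under `if (err < 0) {`, now frees the credentials but still returns without `close(ssl_sock)`, while the four later error paths in this section all close the socket before returning. If ssl_sock is already open at that point, as the neighbouring cafile paths suggest, every failed attempt leaks a descriptor; adding `close(ssl_sock);` before `return err;` would bring it in line with the others. The same teardown (`gnutls_certificate_free_credentials(vpninfo->https_cred); vpninfo->https_cred = NULL; close(ssl_sock);`) is now repeated in five places, so a single cleanup label reached by `goto` would make it harder for a future error path to leave a half-configured credentials object behind for the retry. The body of openconnect_open_https starts and ends outside these hunks, so the socket's state at the first path should be confirmed against the full function.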