Add openconnect_free_cert_info()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Oct 12, 2014 · f8c1c09 · f8c1c09
1 parent a195868
commit f8c1c09
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 11 deletions.
diff --git a/gnutls.c b/gnutls.c
@@ -1662,16 +1662,11 @@ char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
 				   OPENCONNECT_X509 *cert)
 {
 	gnutls_datum_t buf;
-	char *ret;
 
 	if (gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &buf))
 		return NULL;
 
-	/* Just in case gnutls_free() isn't free(), we can't steal it. */
-	ret = strdup((char *)buf.data);
-	gnutls_free(buf.data);
-
-	return ret;
+	return (char *)buf.data;
 }
 
 int openconnect_get_cert_DER(struct openconnect_info *vpninfo,
@@ -1684,18 +1679,24 @@ int openconnect_get_cert_DER(struct openconnect_info *vpninfo,
 	    GNUTLS_E_SHORT_MEMORY_BUFFER)
 		return -EIO;
 
-	ret = malloc(l);
+	ret = gnutls_malloc(l);
 	if (!ret)
 		return -ENOMEM;
 
 	if (gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, ret, &l)) {
-		free(ret);
+		gnutls_free(ret);
 		return -EIO;
 	}
 	*buf = ret;
 	return l;
 }
 
+void openconnect_free_cert_info(struct openconnect_info *vpninfo,
+				void *buf)
+{
+	gnutls_free(buf);
+}
+
 static int verify_peer(gnutls_session_t session)
 {
 	struct openconnect_info *vpninfo = gnutls_session_get_ptr(session);

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
@@ -1,5 +1,6 @@
 OPENCONNECT_4.0 {
  global:
+	openconnect_free_cert_info;
 	openconnect_set_option_value;
 	openconnect_clear_cookie;
 	openconnect_get_cert_sha1;

diff --git a/openconnect.h b/openconnect.h
@@ -34,7 +34,7 @@
 /*
  * API version 4.0:
  *  - Change string handling to never transfer ownership of allocations.
- *  - Add openconnect_set_option_value()
+ *  - Add openconnect_set_option_value(), openconnect_free_cert_info().
  *
  * API version 3.4:
  *  - Add openconnect_set_token_callbacks()
@@ -282,13 +282,17 @@ typedef enum {
    with trailing NUL, representing the SHA1 fingerprint of the certificate. */
 int openconnect_get_cert_sha1(struct openconnect_info *vpninfo,
 			      OPENCONNECT_X509 *cert, char *buf);
+
+/* The buffers returned by these two functions must be freed with
+   openconnect_free_cert_info(), especially on Windows. */
 char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
 				   OPENCONNECT_X509 *cert);
 /* Returns the length of the created DER output, in a newly-allocated buffer
-   that will need to be freed by the caller. */
+   that will need to be freed by openconnect_free_cert_info(). */
 int openconnect_get_cert_DER(struct openconnect_info *vpninfo,
 			     OPENCONNECT_X509 *cert, unsigned char **buf);
-
+void openconnect_free_cert_info(struct openconnect_info *vpninfo,
+				void *buf);
 /* Contains a comma-separated list of authentication methods to enabled.
    Currently supported: Negotiate,NTLM,Digest,Basic */
 int openconnect_set_proxy_auth(struct openconnect_info *vpninfo,

diff --git a/openssl.c b/openssl.c
@@ -1574,6 +1574,11 @@ char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
 	return ret;
 }
 
+void openconnect_free_cert_info(struct openconnect_info *vpninfo,
+				void *buf)
+{
+	free(buf);
+}
 
 int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
 			       char *buf)