authorJeremy Harris <jgh146exb@wizmail.org>2015-06-22 10:32:01 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2015-06-22 10:32:01 +0100
commit790fbb71d92b47c6637892f3feedc0f99000f01e (patch)
tree38439c4bc236c31f1cea6c8460511759abc7ab8e
parent8db90b31e34c8ecafdedae1cafca10f1ea8c91b7 (diff)
Before importing a certificate, free any previous one. Bug 1648
Second try
-rw-r--r--src/src/deliver.c12
-rw-r--r--src/src/functions.h6
-rw-r--r--src/src/spool_in.c6
-rw-r--r--src/src/tlscert-gnu.c11
-rw-r--r--src/src/tlscert-openssl.c9
5 files changed, 24 insertions, 20 deletions
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 543a618eb..78f8f4bd4 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1170,16 +1170,8 @@ if (result == OK)
delivery_log(LOG_MAIN, addr, logchar, NULL);
#ifdef SUPPORT_TLS
- if (tls_out.ourcert)
- {
- tls_free_cert(tls_out.ourcert);
- tls_out.ourcert = NULL;
- }
- if (tls_out.peercert)
- {
- tls_free_cert(tls_out.peercert);
- tls_out.peercert = NULL;
- }
+ tls_free_cert(&tls_out.ourcert);
+ tls_free_cert(&tls_out.peercert);
tls_out.cipher = NULL;
tls_out.peerdn = NULL;
tls_out.ocsp = OCSP_NOT_REQ;
diff --git a/src/src/functions.h b/src/src/functions.h
index 70f187050..02579040e 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -45,15 +45,15 @@ extern uschar * tls_cert_fprt_sha256(void *);
extern int tls_client_start(int, host_item *, address_item *,
transport_instance *
-#ifdef EXPERIMENTAL_DANE
+# ifdef EXPERIMENTAL_DANE
, dns_answer *
-#endif
+# endif
);
extern void tls_close(BOOL, BOOL);
extern int tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
extern int tls_ferror(void);
-extern void tls_free_cert(void *);
+extern void tls_free_cert(void **);
extern int tls_getc(void);
extern int tls_import_cert(const uschar *, void **);
extern int tls_read(BOOL, uschar *, size_t);
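Review bot: The new `tls_free_cert(void **)` prototype will not catch a call site that was missed in the conversion, because C converts a `void *` argument to `void **` implicitly and without a diagnostic. An old-style `tls_free_cert(tls_out.ourcert)` would still compile, and the function would then read the certificate object itself as if it were the pointer slot. The call sites shown in this commit are updated, but the rest of the tree is worth checking, and the declaration should state the contract, e.g. `/* frees *cert if non-NULL and sets it to NULL; pass the address of the pointer */`. This assumes the `ourcert`/`peercert` fields are declared `void *`, which is not visible here.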
diff --git a/src/src/spool_in.c b/src/src/spool_in.c
index 9ce8ce5cb..1a5bf4ec8 100644
--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -288,8 +288,10 @@ tls_in.certificate_verified = FALSE;
tls_in.dane_verified = FALSE;
# endif
tls_in.cipher = NULL;
-tls_in.ourcert = NULL;
-tls_in.peercert = NULL;
+# ifndef COMPILE_UTILITY /* tls support fns not built in */
+tls_free_cert(&tls_in.ourcert);
+tls_free_cert(&tls_in.peercert);
+# endif
tls_in.peerdn = NULL;
tls_in.sni = NULL;
tls_in.ocsp = OCSP_NOT_REQ;
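Review bot: With `COMPILE_UTILITY` defined, `tls_in.ourcert` and `tls_in.peercert` are no longer reset here at all, whereas the removed lines set them to NULL regardless of that macro. If anything in a utility build can leave these non-NULL (not visible in this hunk), a stale pointer survives into the next spool header read. An `# else` branch keeping `tls_in.ourcert = NULL;` and `tls_in.peercert = NULL;` would preserve the old behaviour. The enclosing function starts and ends outside the hunk.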
diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c
index 40f49d366..69ce27fc8 100644
--- a/src/src/tlscert-gnu.c
+++ b/src/src/tlscert-gnu.c
@@ -77,10 +77,15 @@ return fail;
}
void
-tls_free_cert(void * cert)
+tls_free_cert(void ** cert)
{
-gnutls_x509_crt_deinit((gnutls_x509_crt_t) cert);
-gnutls_global_deinit();
+gnutls_x509_crt_t crt = *(gnutls_x509_crt_t *)cert;
+if (crt)
+ {
+ gnutls_x509_crt_deinit(crt);
+ gnutls_global_deinit();
+ *cert = NULL;
+ }
}
/*****************************************************
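Review bot: `*(gnutls_x509_crt_t *)cert` reads the caller's `void *` object through an lvalue of a different pointer type, which strict aliasing does not permit and which the cast hides from the compiler. Assuming `gnutls_x509_crt_t` is a pointer typedef, as the old cast from `void *` suggests, `gnutls_x509_crt_t crt = *cert;` gives the same result through the ordinary implicit conversion. The OpenSSL version of `tls_free_cert` has the same construct, where `X509 * x = *cert;` would do. Neither version checks `cert` itself before dereferencing; the callers in this commit all pass an address, so a short comment that `cert` must be non-NULL would be enough.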
diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index f2e482ba7..72808a7ad 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -75,9 +75,14 @@ return fail;
}
void
-tls_free_cert(void * cert)
+tls_free_cert(void ** cert)
{
-X509_free((X509 *)cert);
+X509 * x = *(X509 **)cert;
+if (x)
+ {
+ X509_free(x);
+ *cert = NULL;
+ }
}