author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-07-09 08:31:23 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-07-09 08:31:23 +0000 |
commit | 02a28f31dd721574a3bd56af88f476717795c206 (patch) | |
tree | 514f40038c6fae62f045abf621b4419b2795cbb6 | |
parent | a72b1079766366cccd03997c464423c2c82608c2 (diff) | |
download | gnutls-02a28f31dd721574a3bd56af88f476717795c206.tar.gz |
eliminated some memory leaks. Reported by Yoann Vandoorselaere <yoann@prelude-ids.org>.
-rw-r--r-- | lib/gnutls_x509.c | 38 | ||||
-rw-r--r-- | lib/x509/verify.c | 9 | ||||
-rw-r--r-- | lib/x509/x509.c | 20 |
3 files changed, 30 insertions, 37 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index ff2603333d..c8d204573a 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -99,9 +99,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session) */ peer_certificate_list_size = info->ncerts; peer_certificate_list = - gnutls_calloc(1, - peer_certificate_list_size * - sizeof(gnutls_x509_crt)); + gnutls_calloc(1, peer_certificate_list_size * sizeof(gnutls_x509_crt)); if (peer_certificate_list == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -117,8 +115,8 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session) ret = gnutls_x509_crt_import(peer_certificate_list[i], - &info-> - raw_certificate_list[i], GNUTLS_X509_FMT_DER); + &info->raw_certificate_list[i], + GNUTLS_X509_FMT_DER); if (ret < 0) { gnutls_assert(); CLEAR_CERTS; @@ -130,10 +128,10 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session) */ ret = gnutls_x509_crt_list_verify(peer_certificate_list, - peer_certificate_list_size, - cred->x509_ca_list, cred->x509_ncas, - cred->x509_crl_list, cred->x509_ncrls, - cred->verify_flags, &verify); + peer_certificate_list_size, + cred->x509_ca_list, cred->x509_ncas, + cred->x509_crl_list, cred->x509_ncrls, + cred->verify_flags, &verify); CLEAR_CERTS; @@ -431,8 +429,7 @@ static int parse_pem_cert_mem( gnutls_cert** cert_list, uint* ncerts, *cert_list = (gnutls_cert *) gnutls_realloc_fast( *cert_list, - i * - sizeof(gnutls_cert)); + i * sizeof(gnutls_cert)); if ( *cert_list == NULL) { gnutls_assert(); @@ -448,6 +445,7 @@ static int parse_pem_cert_mem( gnutls_cert** cert_list, uint* ncerts, gnutls_assert(); return ret; } + gnutls_free( ptr2); /* now we move ptr after the pem header */ @@ -925,7 +923,6 @@ int gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials res, con static int generate_rdn_seq( gnutls_certificate_credentials res) { gnutls_datum tmp; -gnutls_datum _tmp; int ret; uint size, i; opaque *pdata; 
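Review bot: In the `parse_pem_cert_mem` hunk at -448, the new `gnutls_free( ptr2);` sits after the `if (ret < 0)` block, so the `return ret;` just above it still exits without releasing `ptr2`. The `*cert_list == NULL` return in the hunk at -431 looks like it has the same gap, if `ptr2` is already allocated at that point. This parser handles PEM data handed in by the caller, so each malformed certificate would leak one decoded buffer. Releasing it in the error branch as well, `gnutls_assert(); gnutls_free( ptr2); return ret;`, would close that path. The function starts and ends outside both hunks, so where `ptr2` is allocated is inferred rather than visible.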
@@ -943,12 +940,13 @@ opaque *pdata; size = 0; for (i = 0; i < res->x509_ncas; i++) { - if ((ret = _gnutls_x509_crt_get_raw_issuer_dn( - res->x509_ca_list[i], &tmp)) < 0) { + ret = _gnutls_x509_crt_get_raw_issuer_dn( res->x509_ca_list[i], &tmp); + if (ret < 0) { gnutls_assert(); return ret; } size += (2 + tmp.size); + _gnutls_free_datum( &tmp); } if (res->x509_rdn_sequence.data != NULL) @@ -964,8 +962,8 @@ opaque *pdata; pdata = res->x509_rdn_sequence.data; for (i = 0; i < res->x509_ncas; i++) { - if ((ret = _gnutls_x509_crt_get_raw_issuer_dn( - res->x509_ca_list[i], &tmp)) < 0) { + ret = _gnutls_x509_crt_get_raw_issuer_dn( res->x509_ca_list[i], &tmp); + if (ret < 0) { gnutls_free(res->x509_rdn_sequence.data); res->x509_rdn_sequence.size = 0; res->x509_rdn_sequence.data = NULL; @@ -973,10 +971,9 @@ opaque *pdata; return ret; } - _tmp.data = (opaque*) tmp.data; - _tmp.size = tmp.size; - _gnutls_write_datum16(pdata, _tmp); + _gnutls_write_datum16(pdata, tmp); pdata += (2 + tmp.size); + _gnutls_free_datum( &tmp); } return 0; @@ -1065,8 +1062,7 @@ static int parse_pem_ca_mem( gnutls_x509_crt** cert_list, uint* ncerts, *cert_list = (gnutls_x509_crt *) gnutls_realloc_fast( *cert_list, - i * - sizeof(gnutls_x509_crt)); + i * sizeof(gnutls_x509_crt)); if ( *cert_list == NULL) { gnutls_assert(); diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 44a152b7d3..e96a798fb6 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -278,10 +278,9 @@ cleanup: */ static unsigned int _gnutls_x509_verify_certificate(gnutls_x509_crt * certificate_list, - int clist_size, - gnutls_x509_crt * trusted_cas, - int tcas_size, gnutls_x509_crl *CRLs, - int crls_size, unsigned int flags) + int clist_size, gnutls_x509_crt * trusted_cas, + int tcas_size, gnutls_x509_crl *CRLs, + int crls_size, unsigned int flags) { int i = 0, ret; unsigned int status = 0, output; 
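Review bot: In the second loop of `generate_rdn_seq`, `_gnutls_write_datum16(pdata, tmp);` is followed by `pdata += (2 + tmp.size);`, but nothing visible bounds `tmp.size` to what a 16-bit length prefix can hold (the prefix width is inferred from the helper's name and the `2 +`). A DN larger than 65535 bytes would leave the encoded length and the pointer advance out of step, and `size` is a plain `uint` sum with no overflow check. Rejecting `tmp.size > 0xFFFF` in the first loop, before `size += (2 + tmp.size);` and after calling `_gnutls_free_datum( &tmp);`, would keep both passes consistent. The CA list is locally configured, so this is a robustness check rather than a remotely reachable one. The function body begins before and continues between these hunks.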
@@ -306,7 +305,7 @@ unsigned int _gnutls_x509_verify_certificate(gnutls_x509_crt * certificate_list, if ((ret = _gnutls_verify_certificate2(certificate_list[i], - &certificate_list[i + 1], 1, flags, NULL)) != 1) + &certificate_list[i + 1], 1, flags, NULL)) != 1) { status |= GNUTLS_CERT_INVALID; } diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 5d8ce24a22..1fecb3f963 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1075,7 +1075,7 @@ int _gnutls_x509_crt_get_raw_dn2( gnutls_x509_crt cert, ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, len1; int start1, end1; - gnutls_datum signed_data; + gnutls_datum signed_data = { NULL, 0 }; /* get the issuer of 'cert' */ 
@@ -1125,35 +1125,33 @@ cleanup: /*- * _gnutls_x509_crt_get_raw_issuer_dn - This function returns the issuer's DN DER encoded * @cert: should contain a gnutls_x509_crt structure - * @start: will hold the starting point of the DN + * @dn: will hold the allocated data with the DN * - * This function will return a pointer to the DER encoded DN structure and - * the length. + * This function will allocate data and return the DER encoded DN structure. * * Returns 0 on success or a negative value on error. * -*/ int _gnutls_x509_crt_get_raw_issuer_dn( gnutls_x509_crt cert, - gnutls_datum* start) + gnutls_datum* dn) { - return _gnutls_x509_crt_get_raw_dn2( cert, "issuer", start); + return _gnutls_x509_crt_get_raw_dn2( cert, "issuer", dn); } /*- * _gnutls_x509_crt_get_raw_dn - This function returns the subject's DN DER encoded * @cert: should contain a gnutls_x509_crt structure - * @start: will hold the starting point of the DN + * @dn: will hold the allocated data with the DN * - * This function will return a pointer to the DER encoded DN structure and - * the length. + * This function will allocate data and return the DER encoded DN structure. * * Returns 0 on success, or a negative value on error. * -*/ int _gnutls_x509_crt_get_raw_dn( gnutls_x509_crt cert, - gnutls_datum * start) + gnutls_datum * dn) { - return _gnutls_x509_crt_get_raw_dn2( cert, "subject", start); + return _gnutls_x509_crt_get_raw_dn2( cert, "subject", dn); } |
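Review bot: The rewritten doc comments for `_gnutls_x509_crt_get_raw_issuer_dn` and `_gnutls_x509_crt_get_raw_dn` say the data is allocated but not who releases it or with what, which is the contract the leaks fixed elsewhere in this commit hinged on. I would add a line to both comments such as ` * The caller must release @dn with _gnutls_free_datum() when done.` It would also help to state whether @dn is left unallocated on error, since `generate_rdn_seq` returns without freeing `tmp` in that case. That behaviour is decided in `_gnutls_x509_crt_get_raw_dn2`, whose body is outside this hunk.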