author | Stefan Sørensen <stefan.sorensen@spectralink.com> | 2016-08-08 13:31:15 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-08-09 19:15:21 +0200 |
commit | 83c647eb69dfc9917afc2e9afe897a06c405f060 (patch) | |
tree | 8132118b07a26af025846270e51abe05d456cfb0 | |
parent | 45c81fd07254d1de29cc2f24142ba275e680791f (diff) | |
Fix gnutls_pkcs12_simple_parse to always extract the complete chain
gnutls_pkcs12_simple_parse was only collecting extra certificates that were
possible elements of the certificate chain when the extra_certs argument was
not NULL. Fix by always collecting all the certificates; any unneeded
certificates are released before returning if extra_certs is NULL anyway.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
-rw-r--r-- | lib/x509/pkcs12.c | 35 |
1 files changed, 15 insertions, 20 deletions
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 6f05c6c03d..00a3e7f055 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1666,27 +1666,22 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 }
 if (memcmp(cert_id, key_id, cert_id_size) != 0) {
 /* they don't match - skip the certificate */
- if (extra_certs) {
- _extra_certs =
- gnutls_realloc_fast
- (_extra_certs,
- sizeof(_extra_certs
- [0]) *
- ++_extra_certs_len);
- if (!_extra_certs) {
- gnutls_assert();
- ret =
- GNUTLS_E_MEMORY_ERROR;
- goto done;
- }
- _extra_certs
- [_extra_certs_len -
- 1] = this_cert;
- this_cert = NULL;
- } else {
- gnutls_x509_crt_deinit
- (this_cert);
+ _extra_certs =
+ gnutls_realloc_fast
+ (_extra_certs,
+ sizeof(_extra_certs
+ [0]) *
+ ++_extra_certs_len);
+ if (!_extra_certs) {
+ gnutls_assert();
+ ret =
+ GNUTLS_E_MEMORY_ERROR;
+ goto done;
 }
+ _extra_certs
+ [_extra_certs_len -
+ 1] = this_cert;
+ this_cert = NULL;
 } else {
 if (chain && _chain_len == 0) {
 _chain =
|
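Review bot: In the now-unconditional collection branch, a failed `gnutls_realloc_fast` leaves `_extra_certs` NULL while `_extra_certs_len` has already been pre-incremented, so the count no longer describes the array and the certificates stored earlier are no longer reachable for `gnutls_x509_crt_deinit`. This path now runs for every caller, including those passing `extra_certs == NULL`, on a PKCS#12 file that may carry many unrelated certificates, so I would size the request with `sizeof(_extra_certs[0]) * (_extra_certs_len + 1)` and store with `_extra_certs[_extra_certs_len++] = this_cert;` only after the allocation succeeded. The function body and its `done:` cleanup lie outside this hunk, so whether that cleanup tolerates a NULL array with a non-zero length, and whether the earlier certificates can still be released there, needs checking. The context comment `/* they don't match - skip the certificate */` is also stale, since the certificate is now kept as a chain candidate rather than skipped.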