diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-03 14:24:08 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-03 15:44:45 +0200 |
commit | b7fc394b8e520f5c77517f130b3d8ebfd7690b97 (patch) | |
tree | 862e2744a5958eb0fcfc6156b17d088fdd0f2a0b | |
parent | 735f3e4b343bb99efce9a4eba62d324e4711fa42 (diff) | |
download | gnutls-b7fc394b8e520f5c77517f130b3d8ebfd7690b97.tar.gz |
gnutls_certificate_set_key: duplicate the provided memory
That is, do not assume that a heap allocated value is provided.
-rw-r--r-- | lib/gnutls_x509.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 1dfe5d8b79..3d773d5ea9 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -1206,7 +1206,7 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res, * entity certificate (e.g., also an intermediate CA cert) then put * the certificate chain in @pcert_list. * - * Note that the @pcert_list and @key will become part of the credentials + * Note that the @key and the elements of @pcert_list will become part of the credentials * structure and must not be deallocated. They will be automatically deallocated * when the @res type is deinitialized. * @@ -1226,6 +1226,7 @@ gnutls_certificate_set_key(gnutls_certificate_credentials_t res, { int ret, i; gnutls_str_array_t str_names; + gnutls_pcert_st *new_pcert_list; _gnutls_str_array_init(&str_names); @@ -1251,12 +1252,20 @@ gnutls_certificate_set_key(gnutls_certificate_credentials_t res, goto cleanup; } + new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size); + if (new_pcert_list == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size); + ret = certificate_credential_append_crt_list(res, str_names, - pcert_list, + new_pcert_list, pcert_list_size); if (ret < 0) { gnutls_assert(); + gnutls_free(new_pcert_list); goto cleanup; } |