diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-25 10:59:58 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-25 11:02:50 +0200 |
| commit | 8b017be51429352f850a3b533e896c9d76ff69a1 (patch) | |
| tree | e24eb82546c4114076f549a353e2887e2734d766 | |
| parent | ee7d08b18fd759344c10171f2f561125cfe619e5 (diff) | |
| download | gnutls-8b017be51429352f850a3b533e896c9d76ff69a1.tar.gz | |
pkcs12: eliminate mem leaks in _pkcs12_decode_safe_contents
This makes sure we deinitialize previously available elements.
This addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/x509/pkcs12.c | 5 | ||||
| -rw-r--r-- | tests/cert-tests/Makefile.am | 3 | ||||
| -rw-r--r-- | tests/cert-tests/data/mem-leak.p12 | bin | 0 -> 1474 bytes |
3 files changed, 5 insertions, 3 deletions
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 13619adf1d..e71d1f01db 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -502,10 +502,10 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content, continue; } + _gnutls_free_datum(&bag->element[i].local_key_id); bag->element[i].local_key_id.data = t.data; bag->element[i].local_key_id.size = t.size; - } else if (strcmp(oid, FRIENDLY_NAME_OID) - == 0) { + } else if (strcmp(oid, FRIENDLY_NAME_OID) == 0 && bag->element[i].friendly_name == NULL) { result = _gnutls_x509_decode_string (ASN1_ETYPE_BMP_STRING, @@ -521,6 +521,7 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content, continue; } + gnutls_free(bag->element[i].friendly_name); bag->element[i].friendly_name = (char *) t.data; } else { _gnutls_free_datum(&attr_val); diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 80677900cc..ed8aefc1bf 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -73,7 +73,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/key-corpus-rc2-1.p12.out data/no-salt.p12 data/mac-sha512.p12 data/pbes1-no-salt.p12 \ templates/inhibit-anypolicy.tmpl data/inhibit-anypolicy.pem data/aes-128.p12 \ data/pkcs7.smime data/invalid-date-hour.der data/invalid-date-mins.der \ - data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der + data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der \ + data/mem-leak.p12 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ diff --git a/tests/cert-tests/data/mem-leak.p12 b/tests/cert-tests/data/mem-leak.p12 Binary files differnew file mode 100644 index 0000000000..e4eaff36c1 --- /dev/null +++ b/tests/cert-tests/data/mem-leak.p12 |