diff options
author | Tim Rühsen <tim.ruehsen@gmx.de> | 2017-08-07 23:04:36 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-08-08 21:17:56 +0200 |
commit | 950fced8febacb419d15bc2f84d02eefcb4f2046 (patch) | |
tree | c8fc2cbca2f355ed2c7aeac4bc638b0e39a00550 | |
parent | 0c06a406be6ac331cded58d46f49df3b20c444d2 (diff) | |
download | gnutls-950fced8febacb419d15bc2f84d02eefcb4f2046.tar.gz |
Fix memleaks in gnutls_x509_trust_list_add_crls()
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
-rw-r--r-- | lib/x509/verify-high.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index d78a2d4b7b..69fc0f2e68 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -708,6 +708,7 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, unsigned x, i, j = 0; unsigned int vret = 0; uint32_t hash; + gnutls_x509_crl_t *tmp; /* Probably we can optimize things such as removing duplicates * etc. @@ -733,6 +734,8 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, &vret); if (ret < 0 || vret != 0) { _gnutls_debug_log("CRL verification failed, not adding it\n"); + if (flags & GNUTLS_TL_NO_DUPLICATES) + gnutls_x509_crl_deinit(crl_list[i]); continue; } } @@ -752,22 +755,28 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, } else { /* The new is older, discard it */ gnutls_x509_crl_deinit(crl_list[i]); - continue; + goto next; } } } } - list->node[hash].crls = - gnutls_realloc_fast(list->node[hash].crls, + tmp = + gnutls_realloc(list->node[hash].crls, (list->node[hash].crl_size + 1) * sizeof(list->node[hash]. trusted_cas[0])); - if (list->node[hash].crls == NULL) { + if (tmp == NULL) { + ret = i; gnutls_assert(); - return i; + if (flags & GNUTLS_TL_NO_DUPLICATES) + while (i < crl_size) + gnutls_x509_crl_deinit(crl_list[i++]); + return ret; } + list->node[hash].crls = tmp; + list->node[hash].crls[list->node[hash].crl_size] = crl_list[i]; |