ext/status_request: ensure response IDs are properly deinitialized

That is, do not attempt to loop through the array if there is no array
allocated.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 11 insertions, 6 deletions

diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index f5a46dca23..049d852e35 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -69,7 +69,10 @@ typedef struct {
 
 static void deinit_responder_id(status_request_ext_st *priv)
 {
-unsigned i;
+	unsigned i;
+
+	if (priv->responder_id == NULL)
+		return;
 
 	for (i = 0; i < priv->responder_id_size; i++)
 		gnutls_free(priv->responder_id[i].data);
@@ -135,6 +138,7 @@ server_recv(gnutls_session_t session,
 {
 	size_t i;
 	ssize_t data_size = size;
+	unsigned responder_ids = 0;
 
 	/* minimum message is type (1) + responder_id_list (2) +
 	   request_extension (2) = 5 */
@@ -153,23 +157,24 @@ server_recv(gnutls_session_t session,
 	DECR_LEN(data_size, 1);
 	data++;
 
-	priv->responder_id_size = _gnutls_read_uint16(data);
+	responder_ids = _gnutls_read_uint16(data);
 
 	DECR_LEN(data_size, 2);
 	data += 2;
 
-	if (data_size <= (ssize_t) (priv->responder_id_size * 2))
+	if (data_size <= (ssize_t) (responder_ids * 2))
 		return
 		    gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 
-	if (priv->responder_id != NULL)
-		deinit_responder_id(priv);
+	deinit_responder_id(priv);
 
-	priv->responder_id = gnutls_calloc(1, priv->responder_id_size
+	priv->responder_id = gnutls_calloc(1, responder_ids
 					   * sizeof(*priv->responder_id));
 	if (priv->responder_id == NULL)
 		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
+	priv->responder_id_size = responder_ids;
+
 	for (i = 0; i < priv->responder_id_size; i++) {
 		size_t l;