OpenSSL: Fix memory leak in PKCS12 additional certificate parsing
The additional PKCS12 certificates were not freed properly in the loop
added in commit de2a7b796d ('OpenSSL: Use
connection certificate chain with PKCS#12 extra certs').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
03e3ddf84e
commit
8bcf8de827
1 changed files with 6 additions and 2 deletions
|
|
@ -2488,13 +2488,15 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
|
||||||
tls_show_errors(MSG_DEBUG, __func__,
|
tls_show_errors(MSG_DEBUG, __func__,
|
||||||
"Failed to add additional certificate");
|
"Failed to add additional certificate");
|
||||||
res = -1;
|
res = -1;
|
||||||
|
X509_free(cert);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
X509_free(cert);
|
||||||
}
|
}
|
||||||
if (!res) {
|
if (!res) {
|
||||||
/* Try to continue anyway */
|
/* Try to continue anyway */
|
||||||
}
|
}
|
||||||
sk_X509_free(certs);
|
sk_X509_pop_free(certs, X509_free);
|
||||||
#ifndef OPENSSL_IS_BORINGSSL
|
#ifndef OPENSSL_IS_BORINGSSL
|
||||||
if (ssl)
|
if (ssl)
|
||||||
res = SSL_build_cert_chain(
|
res = SSL_build_cert_chain(
|
||||||
|
|
@ -2532,11 +2534,13 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
|
||||||
*/
|
*/
|
||||||
if (SSL_CTX_add_extra_chain_cert(data->ssl, cert) != 1)
|
if (SSL_CTX_add_extra_chain_cert(data->ssl, cert) != 1)
|
||||||
{
|
{
|
||||||
|
X509_free(cert);
|
||||||
res = -1;
|
res = -1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
X509_free(cert);
|
||||||
}
|
}
|
||||||
sk_X509_free(certs);
|
sk_X509_pop_free(certs, X509_free);
|
||||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
|
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue