Skip to content
Permalink
Browse files
GnuTLS: Fix password memory leaks
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Jun 12, 2012
1 parent d36cb52 commit 1e70b7336ac19c39fc3146d2747f3c4f115e6171
Showing with 7 additions and 2 deletions.
  1. +7 −2 gnutls.c
@@ -357,9 +357,11 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
gnutls_strerror(err));
return ret;
}

err = gnutls_pkcs12_simple_parse(p12, pass, key, chain, chain_len,
extra_certs, extra_certs_len, crl, 0);
free(pass);
vpninfo->cert_password = NULL;

gnutls_pkcs12_deinit(p12);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
@@ -719,10 +721,11 @@ static int load_certificate(struct openconnect_info *vpninfo)
ret = -EINVAL;
goto out;
}
vpninfo->cert_password = NULL;
if (pass) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to decrypt PKCS#8 certificate file\n"));
free (pass);
free(pass);
}
err = request_passphrase(vpninfo, &pass,
_("Enter PEM pass phrase:"));
@@ -731,6 +734,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
goto out;
}
}
free(pass);
vpninfo->cert_password = NULL;
}

/* Now attempt to make sure we use the *correct* certificate, to match the key */

0 comments on commit 1e70b73

Please sign in to comment.