author | Johannes Bauer <Jb.Imm@gmx.de> | 2012-01-18 13:39:12 +0100 |
---|---|---|
committer | Yang Tse <yangsita@gmail.com> | 2012-01-18 13:39:12 +0100 |
commit | 6ea7acf5a96786f7514be4fbce174cdc8bedfdd1 (patch) | |
tree | 0c3b9a66c340b941e08cf4366b7e0b1ca82825fb | |
parent | a20daf90e358c1476a325ea665d533f7a27e3364 (diff) | |
download | curl-6ea7acf5a96786f7514be4fbce174cdc8bedfdd1.tar.gz |
OpenSSL: fix PKCS#12 certificate parsing related memory leak
The leak is triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE are set to P12
and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file.
-rw-r--r-- | lib/ssluse.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index b09ba6db7..ec1a149c8 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -466,6 +466,7 @@ int cert_stuff(struct connectdata *conn,
 failf(data, SSL_CLIENT_CERT_ERR);
 EVP_PKEY_free(pri);
 X509_free(x509);
+ sk_X509_pop_free(ca, X509_free);
 return 0;
 }
@@ -474,6 +475,7 @@ int cert_stuff(struct connectdata *conn,
 cert_file);
 EVP_PKEY_free(pri);
 X509_free(x509);
+ sk_X509_pop_free(ca, X509_free);
 return 0;
 }
@@ -482,6 +484,7 @@ int cert_stuff(struct connectdata *conn,
 "does not match certificate in same file", cert_file);
 EVP_PKEY_free(pri);
 X509_free(x509);
+ sk_X509_pop_free(ca, X509_free);
 return 0;
 }
 /* Set Certificate Verification chain */
@@ -491,12 +494,14 @@ int cert_stuff(struct connectdata *conn,
 failf(data, "cannot add certificate to certificate chain");
 EVP_PKEY_free(pri);
 X509_free(x509);
+ sk_X509_pop_free(ca, X509_free);
 return 0;
 }
 if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) {
 failf(data, "cannot add certificate to client CA list");
 EVP_PKEY_free(pri);
 X509_free(x509);
+ sk_X509_pop_free(ca, X509_free);
 return 0;
 }
 }
@@ -504,6 +509,7 @@ int cert_stuff(struct connectdata *conn,
 EVP_PKEY_free(pri);
 X509_free(x509);
+ sk_X509_pop_free(ca, X509_free);
 cert_done = 1;
 break;
 #else |
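Review bot: The cleanup triple `EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free);` is now written out on every exit of this branch, here and in the four hunks that follow, so the next early return added to the PKCS#12 path can drop one of the three frees again, which is how `ca` came to be leaked. Routing all exits through one cleanup label, with the result set before the jump, would leave a single place to audit. A short comment at that label, such as `/* release key, leaf certificate and CA stack parsed from the PKCS#12 file */`, would record why three objects are released. cert_stuff() starts and ends outside these hunks, so the exact placement of the label is not visible from here.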
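Review bot: Freeing the `ca` stack with `sk_X509_pop_free(ca, X509_free)` inside the chain loop of the fourth hunk, and on the success path in the last hunk, is only safe if the context does not keep the pointers obtained with `sk_X509_value(ca, i)`. The call that reports "cannot add certificate to certificate chain" lies just outside the hunk; if it is `SSL_CTX_add_extra_chain_cert()`, OpenSSL stores the certificate without taking a reference and frees it together with the `SSL_CTX`, so the added free would leave the context holding freed certificates and release them a second time on teardown. Handing over a certificate that has been removed from the stack, `X509 *x = sk_X509_pop(ca);`, and calling `X509_free(x)` only where the hand-over fails, keeps exactly one owner per certificate. The loop header is outside the hunk, so this needs confirming against the full function.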