From 01e2679b4972e4cd15290d0e1b05cd0988cb5b5e Mon Sep 17 00:00:00 2001 From: fullincome Date: Wed, 26 Aug 2020 13:15:15 +0300 Subject: schannel: fix memory leak when using get_cert_location The get_cert_location function allocates memory only on success. Previously get_cert_location was able to allocate memory and return error. It wasn't obvious and in this case the memory wasn't released. Fixes #5855 Closes #5860 --- lib/vtls/schannel.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 1c1432d75..4707ecfec 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -346,6 +346,8 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers) } #ifdef HAS_CLIENT_CERT_PATH + +/* Function allocates memory for store_path only if CURLE_OK is returned */ static CURLcode get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, TCHAR **thumbprint) @@ -388,16 +390,16 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, if(sep == NULL) return CURLE_SSL_CERTPROBLEM; + *thumbprint = sep + 1; + if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN) + return CURLE_SSL_CERTPROBLEM; + *sep = TEXT('\0'); *store_path = _tcsdup(store_path_start); *sep = TEXT('\\'); if(*store_path == NULL) return CURLE_OUT_OF_MEMORY; - *thumbprint = sep + 1; - if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN) - return CURLE_SSL_CERTPROBLEM; - return CURLE_OK; } #endif -- cgit v1.2.1