authorStefan Sørensen <stefan.sorensen@spectralink.com>2016-08-08 13:31:15 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-08-09 19:15:21 +0200
commit83c647eb69dfc9917afc2e9afe897a06c405f060 (patch)
tree8132118b07a26af025846270e51abe05d456cfb0
parent45c81fd07254d1de29cc2f24142ba275e680791f (diff)
Fix gnutls_pkcs12_simple_parse to always extract the complete chain
gnutls_pkcs12_simple_parse was only collecting extra certificates that were possible elements of the certificate chain when the extra_certs argument was not NULL. Fix by always collecting all the certificates; any unneeded certificates are released before returning if extra_certs is NULL anyway. Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
-rw-r--r--lib/x509/pkcs12.c35
1 files changed, 15 insertions, 20 deletions
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 6f05c6c03d..00a3e7f055 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1666,27 +1666,22 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
}
if (memcmp(cert_id, key_id, cert_id_size) != 0) { /* they don't match - skip the certificate */
- if (extra_certs) {
- _extra_certs =
- gnutls_realloc_fast
- (_extra_certs,
- sizeof(_extra_certs
- [0]) *
- ++_extra_certs_len);
- if (!_extra_certs) {
- gnutls_assert();
- ret =
- GNUTLS_E_MEMORY_ERROR;
- goto done;
- }
- _extra_certs
- [_extra_certs_len -
- 1] = this_cert;
- this_cert = NULL;
- } else {
- gnutls_x509_crt_deinit
- (this_cert);
+ _extra_certs =
+ gnutls_realloc_fast
+ (_extra_certs,
+ sizeof(_extra_certs
+ [0]) *
+ ++_extra_certs_len);
+ if (!_extra_certs) {
+ gnutls_assert();
+ ret =
+ GNUTLS_E_MEMORY_ERROR;
+ goto done;
}
+ _extra_certs
+ [_extra_certs_len -
+ 1] = this_cert;
+ this_cert = NULL;
} else {
if (chain && _chain_len == 0) {
_chain =
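Review bot: The out-of-memory branch after `gnutls_realloc_fast` leaves `_extra_certs` NULL while `++_extra_certs_len` has already incremented the count, and with the `if (extra_certs)` guard gone this path is now reachable for every caller. As far as I know `gnutls_realloc_fast` frees the old block on failure, so the certificates stored earlier can no longer be deinitialised, and if the cleanup at `done:` (outside this hunk) walks the array up to `_extra_certs_len` it would index a NULL pointer. Since the number of non-matching certificates is driven by the PKCS#12 input, I would grow into a temporary and increment the length only after success, as sketched below, with `tmp` declared among the function's other locals. gnutls_pkcs12_simple_parse starts and ends outside the hunk, so the cleanup behaviour should be confirmed there.

```c
/* … unchanged: memcmp(cert_id, key_id, cert_id_size) != 0 branch header … */
tmp = gnutls_realloc(_extra_certs,
		     sizeof(_extra_certs[0]) * (_extra_certs_len + 1));
if (tmp == NULL) {
	/* old array and its length stay valid for the cleanup path */
	gnutls_assert();
	ret = GNUTLS_E_MEMORY_ERROR;
	goto done;
}
_extra_certs = tmp;
_extra_certs[_extra_certs_len++] = this_cert;
this_cert = NULL;
```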