gnutls_certificate_set_key: duplicate the provided memory

That is, do not assume that a heap allocated value is provided.

1 files changed, 11 insertions, 2 deletions

diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 1dfe5d8b79..3d773d5ea9 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1206,7 +1206,7 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
  * entity certificate (e.g., also an intermediate CA cert) then put
  * the certificate chain in @pcert_list. 
  *
- * Note that the @pcert_list and @key will become part of the credentials 
+ * Note that the @key and the elements of @pcert_list will become part of the credentials 
  * structure and must not be deallocated. They will be automatically deallocated 
  * when the @res type is deinitialized.
  *
@@ -1226,6 +1226,7 @@ gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
 {
 	int ret, i;
 	gnutls_str_array_t str_names;
+	gnutls_pcert_st *new_pcert_list;
 
 	_gnutls_str_array_init(&str_names);
 
@@ -1251,12 +1252,20 @@ gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
 		goto cleanup;
 	}
 
+	new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size);
+	if (new_pcert_list == NULL) {
+		gnutls_assert();
+		return GNUTLS_E_MEMORY_ERROR;
+	}
+	memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);
+
 	ret =
 	    certificate_credential_append_crt_list(res, str_names,
-						   pcert_list,
+						   new_pcert_list,
 						   pcert_list_size);
 	if (ret < 0) {
 		gnutls_assert();
+		gnutls_free(new_pcert_list);
 		goto cleanup;
 	}