Initialization of gnutls_x509_dn_t was modified to allow deinitialization after failure

3 files changed, 23 insertions, 20 deletions

diff --git a/lib/x509/common.h b/lib/x509/common.h
index 3250276f3d..bbb8b12f7a 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -74,6 +74,10 @@
 #define ASN1_NULL "\x05\x00"
 #define ASN1_NULL_SIZE 2
 
+typedef struct gnutls_x509_dn_st {
+	ASN1_TYPE asn;
+} gnutls_x509_dn_st;
+
 int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim,
 			  int general);
 
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 1184a1323f..a3522e6a30 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -754,17 +754,17 @@ _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
 int gnutls_x509_dn_init(gnutls_x509_dn_t * dn)
 {
 	int result;
-	ASN1_TYPE tmpdn = ASN1_TYPE_EMPTY;
+
+	*dn = gnutls_calloc(1, sizeof(gnutls_x509_dn_st));
 
 	if ((result =
 	     asn1_create_element(_gnutls_get_pkix(),
-				 "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS) {
+				 "PKIX1.Name", &(*dn)->asn)) != ASN1_SUCCESS) {
 		gnutls_assert();
+		gnutls_free(*dn);
 		return _gnutls_asn2err(result);
 	}
 
-	*dn = tmpdn;
-
 	return 0;
 }
 
@@ -791,7 +791,7 @@ int gnutls_x509_dn_import(gnutls_x509_dn_t dn, const gnutls_datum_t * data)
 	if (data->data == NULL || data->size == 0)
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
-	result = _asn1_strict_der_decode((ASN1_TYPE *) & dn,
+	result = _asn1_strict_der_decode(&dn->asn,
 				   data->data, data->size, err);
 	if (result != ASN1_SUCCESS) {
 		/* couldn't decode DER */
@@ -814,7 +814,8 @@ int gnutls_x509_dn_import(gnutls_x509_dn_t dn, const gnutls_datum_t * data)
  **/
 void gnutls_x509_dn_deinit(gnutls_x509_dn_t dn)
 {
-	asn1_delete_structure((ASN1_TYPE *) & dn);
+	asn1_delete_structure(&dn->asn);
+	gnutls_free(dn);
 }
 
 /**
@@ -1026,14 +1027,12 @@ gnutls_x509_dn_export(gnutls_x509_dn_t dn,
 		      gnutls_x509_crt_fmt_t format, void *output_data,
 		      size_t * output_data_size)
 {
-	ASN1_TYPE asn1 = dn;
-
-	if (asn1 == NULL) {
+	if (dn == NULL) {
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
 	}
 
-	return _gnutls_x509_export_int_named(asn1, "rdnSequence",
+	return _gnutls_x509_export_int_named(dn->asn, "rdnSequence",
 					     format, "NAME",
 					     output_data,
 					     output_data_size);
@@ -1061,13 +1060,11 @@ int
 gnutls_x509_dn_export2(gnutls_x509_dn_t dn,
 		       gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
 {
-	ASN1_TYPE asn1 = dn;
-
-	if (asn1 == NULL) {
+	if (dn == NULL) {
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
 	}
 
-	return _gnutls_x509_export_int_named2(asn1, "rdnSequence",
+	return _gnutls_x509_export_int_named2(dn->asn, "rdnSequence",
 					      format, "NAME", out);
 }
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index fbfe904a00..af109015ab 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2291,8 +2291,12 @@ int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, gnutls_datum_t * dn)
 static int
 get_dn(gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn)
 {
-	*dn = asn1_find_node(cert->cert, whom);
-	if (!*dn)
+	*dn = gnutls_calloc(1, sizeof(gnutls_x509_dn_st));
+	if (*dn == NULL)
+		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+	(*dn)->asn = asn1_find_node(cert->cert, whom);
+	if (!(*dn)->asn)
 		return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
 	return 0;
 }
@@ -2381,7 +2385,7 @@ gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn,
 	irdn++;			/* 0->1, 1->2 etc */
 
 	snprintf(rbuf, sizeof(rbuf), "rdnSequence.?%d.?%d", irdn, iava);
-	rdn = asn1_find_node(dn, rbuf);
+	rdn = asn1_find_node(dn->asn, rbuf);
 	if (!rdn) {
 		gnutls_assert();
 		return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
@@ -2472,14 +2476,12 @@ gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn,
 int
 gnutls_x509_dn_get_str(gnutls_x509_dn_t dn, gnutls_datum_t *str)
 {
-	ASN1_TYPE asn1 = dn;
-
 	if (dn == NULL) {
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
 	}
 
-	return _gnutls_x509_get_dn(asn1, "rdnSequence", str);
+	return _gnutls_x509_get_dn(dn->asn, "rdnSequence", str);
 }
 
 /**