status_request: eliminated leak on error path

Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-01-03 14:37:18 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-01-05 09:02:12 +0100
commit: 943d395952de253045ea73d7602b2f0dfc1ea2bf (patch)
tree: 0d0efc894c1a7e782da2fa912a4073530a81874e /lib
parent: 9e5d75c8b77a9682cf10ffcb292f0c1488be753d (diff)
download: gnutls-943d395952de253045ea73d7602b2f0dfc1ea2bf.tar.gz
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 5b9a71d898..f5a46dca23 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -689,18 +689,23 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session)
 	data_size = buf.length;
 
 	/* minimum message is type (1) + response (3) + data */
-	if (data_size == 0)
-		return 0;
-	else if (data_size < 4)
-		return
+	if (data_size == 0) {
+		ret = 0;
+		goto error;
+	} else if (data_size < 4) {
+		ret =
 		    gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+		goto error;
+	}
 
 	if (data[0] != 0x01) {
 		gnutls_assert();
 		_gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",
 				      session, data[0]);
-		return 0;
+		ret = 0;
+		goto error;
 	}
+
 	DECR_LENGTH_COM(data_size, 1, ret =
 			GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 			goto error);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-01-03 14:37:18 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-01-05 09:02:12 +0100
commit	943d395952de253045ea73d7602b2f0dfc1ea2bf (patch)
tree	0d0efc894c1a7e782da2fa912a4073530a81874e /lib
parent	9e5d75c8b77a9682cf10ffcb292f0c1488be753d (diff)
download	gnutls-943d395952de253045ea73d7602b2f0dfc1ea2bf.tar.gz