-rw-r--r-- | NEWS | 9 | ||||
-rw-r--r-- | lib/x509/verify-high.c | 19 |
2 files changed, 23 insertions, 5 deletions
@@ -3,6 +3,15 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2016 Nikos Mavrogiannopoulos See the end for copying conditions. +* Version 3.3.31 (unreleased) + +** libgnutls: Fixed memory leaks and a double free in gnutls_x509_trust_list_add_crls(); + backported from 3.6.x. + +** API and ABI modifications: +No changes since last version. + + * Version 3.3.30 (released 2018-07-16) ** libgnutls: Corrected infinite loop when an incorrect PIN was provided diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index b4bec35bd5..5229ba445a 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -508,6 +508,7 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, unsigned x; unsigned int vret = 0; uint32_t hash; + gnutls_x509_crl_t *tmp; /* Probably we can optimize things such as removing duplicates * etc. @@ -533,6 +534,8 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, &vret); if (ret < 0 || vret != 0) { _gnutls_debug_log("CRL verification failed, not adding it\n"); + if (flags & GNUTLS_TL_NO_DUPLICATES) + gnutls_x509_crl_deinit(crl_list[i]); continue; } } @@ -552,22 +555,28 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, } else { /* The new is older, discard it */ gnutls_x509_crl_deinit(crl_list[i]); - continue; + goto next; } } } } - list->node[hash].crls = - gnutls_realloc_fast(list->node[hash].crls, + tmp = + gnutls_realloc(list->node[hash].crls, (list->node[hash].crl_size + 1) * sizeof(list->node[hash]. trusted_cas[0])); - if (list->node[hash].crls == NULL) { + if (tmp == NULL) { + ret = i; gnutls_assert(); - return i; + if (flags & GNUTLS_TL_NO_DUPLICATES) + while (i < crl_size) + gnutls_x509_crl_deinit(crl_list[i++]); + return ret; } + list->node[hash].crls = tmp; + list->node[hash].crls[list->node[hash].crl_size] = crl_list[i]; |
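Review bot: The added `gnutls_x509_crl_deinit(crl_list[i])` in the "CRL verification failed" branch (hunk @@ -533) releases a handle that remains in the caller's array, and nothing visible here tells the caller that a rejected CRL is gone when GNUTLS_TL_NO_DUPLICATES is set. A caller that cleans up rejected entries itself would release them a second time, so the ownership rule deserves a comment at this branch, for example `/* NO_DUPLICATES: the list owns every crl_list[] entry, so rejected CRLs are released here */`. The function's documentation should carry a matching sentence if it does not already; the doc block and the rest of the function are outside this hunk. The same applies to the allocation-failure path in the @@ -552 hunk, which releases all remaining entries under the same flag. Both unbraced `if` bodies would also be safer with braces, since the second one nests a `while`.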