From bbfd47d4bb6935b3eddae227deb9f340e2c1a69d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 15 Dec 2016 15:02:18 +0100 Subject: gnutls_x509_ext_import_proxy: fix issue reading the policy language If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed. --- lib/x509/x509_ext.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c index f974b02796..ed0ad1d149 100644 --- a/lib/x509/x509_ext.c +++ b/lib/x509/x509_ext.c @@ -1414,7 +1414,8 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen, { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result; - gnutls_datum_t value = { NULL, 0 }; + gnutls_datum_t value1 = { NULL, 0 }; + gnutls_datum_t value2 = { NULL, 0 }; if ((result = asn1_create_element (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo", @@ -1444,20 +1445,18 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen, } result = _gnutls_x509_read_value(c2, "proxyPolicy.policyLanguage", - &value); + &value1); if (result < 0) { gnutls_assert(); goto cleanup; } if (policyLanguage) { - *policyLanguage = (char *)value.data; - } else { - gnutls_free(value.data); - value.data = NULL; + *policyLanguage = (char *)value1.data; + value1.data = NULL; } - result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value); + result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value2); if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { if (policy) *policy = NULL; @@ -1468,16 +1467,17 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen, goto cleanup; } else { if (policy) { - *policy = (char *)value.data; - value.data = NULL; + *policy = (char *)value2.data; + value2.data = NULL; } if (sizeof_policy) - *sizeof_policy = value.size; + *sizeof_policy = value2.size; } result = 0; cleanup: - gnutls_free(value.data); + gnutls_free(value1.data); + gnutls_free(value2.data); asn1_delete_structure(&c2); return result; -- cgit v1.2.1