OpenSSL: fix PKCS#12 certificate parsing related memory leak

Leak triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE set to P12 and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file.
2024-12-22 08:08:50 -05:00 · 2012-01-18 13:39:12 +01:00 · 2012-01-18 13:39:12 +01:00 · 6ea7acf5a9
commit 6ea7acf5a9
parent a20daf90e3
1 changed files with 6 additions and 0 deletions
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -466,6 +466,7 @@ int cert_stuff(struct connectdata *conn,
        failf(data, SSL_CLIENT_CERT_ERR);
        EVP_PKEY_free(pri);
        X509_free(x509);
+        sk_X509_pop_free(ca, X509_free);
        return 0;
      }

@ -474,6 +475,7 @@ int cert_stuff(struct connectdata *conn,
              cert_file);
        EVP_PKEY_free(pri);
        X509_free(x509);
+        sk_X509_pop_free(ca, X509_free);
        return 0;
      }

@ -482,6 +484,7 @@ int cert_stuff(struct connectdata *conn,
              "does not match certificate in same file", cert_file);
        EVP_PKEY_free(pri);
        X509_free(x509);
+        sk_X509_pop_free(ca, X509_free);
        return 0;
      }
      /* Set Certificate Verification chain */
@ -491,12 +494,14 @@ int cert_stuff(struct connectdata *conn,
            failf(data, "cannot add certificate to certificate chain");
            EVP_PKEY_free(pri);
            X509_free(x509);
+            sk_X509_pop_free(ca, X509_free);
            return 0;
          }
          if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) {
            failf(data, "cannot add certificate to client CA list");
            EVP_PKEY_free(pri);
            X509_free(x509);
+            sk_X509_pop_free(ca, X509_free);
            return 0;
          }
        }
@ -504,6 +509,7 @@ int cert_stuff(struct connectdata *conn,

      EVP_PKEY_free(pri);
      X509_free(x509);
+      sk_X509_pop_free(ca, X509_free);
      cert_done = 1;
      break;
 #else