mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00

OpenSSL: fix PKCS#12 certificate parsing related memory leak

The leak is triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE are set to P12
and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file.
Johannes Bauer 2012-01-18 13:39:12 +01:00 committed by Yang Tse
parent a20daf90e3
commit 6ea7acf5a9


@ -466,6 +466,7 @@ int cert_stuff(struct connectdata *conn,
failf(data, SSL_CLIENT_CERT_ERR);
EVP_PKEY_free(pri);
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
}
@ -474,6 +475,7 @@ int cert_stuff(struct connectdata *conn,
cert_file);
EVP_PKEY_free(pri);
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
}
@ -482,6 +484,7 @@ int cert_stuff(struct connectdata *conn,
"does not match certificate in same file", cert_file);
EVP_PKEY_free(pri);
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
}
/* Set Certificate Verification chain */
@ -491,12 +494,14 @@ int cert_stuff(struct connectdata *conn,
failf(data, "cannot add certificate to certificate chain");
EVP_PKEY_free(pri);
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
}
if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) {
failf(data, "cannot add certificate to client CA list");
EVP_PKEY_free(pri);
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
}
}
@ -504,6 +509,7 @@ int cert_stuff(struct connectdata *conn,
EVP_PKEY_free(pri);
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
cert_done = 1;
break;
#else
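Review bot: In the chain loop (the `-491,12` hunk) and on the success path before `cert_done = 1`, `sk_X509_pop_free(ca, X509_free)` frees every certificate still on the `ca` stack, which may include ones already handed to the SSL_CTX. The call that precedes the "cannot add certificate to certificate chain" message is outside the hunk. If it is `SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(ca, i))`, that function keeps the X509 pointer and frees it when the context is destroyed, so those certificates would be freed twice. Taking each entry off the stack before handing it over, e.g. `X509 *x = sk_X509_pop(ca);`, and passing `x` to both add calls would leave only un-transferred entries for the final `sk_X509_pop_free`. Separately, the same three-call cleanup now appears at six exits of cert_stuff, so a single cleanup label would make it harder for a future error path to miss one of the frees.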