mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 16:18:48 -05:00
OpenSSL: fix PKCS#12 certificate parsing related memory leak
Leak triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE set to P12 and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file.
This commit is contained in:
parent
a20daf90e3
commit
6ea7acf5a9
@ -466,6 +466,7 @@ int cert_stuff(struct connectdata *conn,
|
||||
failf(data, SSL_CLIENT_CERT_ERR);
|
||||
EVP_PKEY_free(pri);
|
||||
X509_free(x509);
|
||||
sk_X509_pop_free(ca, X509_free);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -474,6 +475,7 @@ int cert_stuff(struct connectdata *conn,
|
||||
cert_file);
|
||||
EVP_PKEY_free(pri);
|
||||
X509_free(x509);
|
||||
sk_X509_pop_free(ca, X509_free);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -482,6 +484,7 @@ int cert_stuff(struct connectdata *conn,
|
||||
"does not match certificate in same file", cert_file);
|
||||
EVP_PKEY_free(pri);
|
||||
X509_free(x509);
|
||||
sk_X509_pop_free(ca, X509_free);
|
||||
return 0;
|
||||
}
|
||||
/* Set Certificate Verification chain */
|
||||
@ -491,12 +494,14 @@ int cert_stuff(struct connectdata *conn,
|
||||
failf(data, "cannot add certificate to certificate chain");
|
||||
EVP_PKEY_free(pri);
|
||||
X509_free(x509);
|
||||
sk_X509_pop_free(ca, X509_free);
|
||||
return 0;
|
||||
}
|
||||
if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) {
|
||||
failf(data, "cannot add certificate to client CA list");
|
||||
EVP_PKEY_free(pri);
|
||||
X509_free(x509);
|
||||
sk_X509_pop_free(ca, X509_free);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
@ -504,6 +509,7 @@ int cert_stuff(struct connectdata *conn,
|
||||
|
||||
EVP_PKEY_free(pri);
|
||||
X509_free(x509);
|
||||
sk_X509_pop_free(ca, X509_free);
|
||||
cert_done = 1;
|
||||
break;
|
||||
#else
|
||||
|
Loading…
Reference in New Issue
Block a user