Allocate data returned by pkcs7_t.get_attribute()

diff --git a/src/libstrongswan/credentials/containers/pkcs7.h b/src/libstrongswan/credentials/containers/pkcs7.h
index d79650e7453f009b03b0a842a29b32eeda906ff3..d42d82b0b43b6604433eb9907f2169bc233255a4 100644 (file)
--- a/src/libstrongswan/credentials/containers/pkcs7.h
+++ b/src/libstrongswan/credentials/containers/pkcs7.h
@@ -41,9 +41,12 @@ struct pkcs7_t {
         * To select the signerInfo structure to get the attribute from, pass
         * the enumerator position from container_t.create_signature_enumerator().
         *
+        * The attribute returned does not contain type information and must be
+        * freed after use.
+        *
         * @param oid                   OID from the attribute to get
         * @param enumerator    enumerator to select signerInfo
-        * @param value                 chunk receiving attribute value, internal data
+        * @param value                 chunk receiving attribute value, allocated
         * @return                              TRUE if attribute found
         */
        bool (*get_attribute)(pkcs7_t *this, int oid, enumerator_t *enumerator,

diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
index 4c963ab823d164e4d4c65b8f20901a07f80f39b8..2ef97084fc4f7621baad2e1a26a32c7306b06938 100644 (file)
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
@@ -323,7 +323,7 @@ METHOD(pkcs7_t, get_attribute, bool,
                chunk = e->info->attributes->get_attribute(e->info->attributes, oid);
                if (chunk.len)
                {
-                       *value = chunk;
+                       *value = chunk_clone(chunk);
                        return TRUE;
                }
        }

diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c
index d5bee759f3fd927d6b37ffafd5ccb71f57d10d72..3d53ace001d946bea3e0702eacedf25b2bd1120e 100644 (file)
--- a/src/pki/commands/pkcs7.c
+++ b/src/pki/commands/pkcs7.c
@@ -114,6 +114,7 @@ static int verify(chunk_t chunk)
                                {
                                        fprintf(stderr, " at %T", &t, FALSE);
                                }
+                               free(data.ptr);
                        }
                        fprintf(stderr, "\n");
                }

diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c
index faaac8851eb4122f8fe2a4319064142147e094bc..62b244efd1a79a9281f27a782de5b13eefb78983 100644 (file)
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@@ -85,6 +85,7 @@ void extract_attributes(pkcs7_t *pkcs7, enumerator_t *enumerator,
                        }
                }
                DBG2(DBG_APP, "messageType:  %s", msgType_names[attrs->msgType]);
+               free(attr.ptr);
        }
        if (pkcs7->get_attribute(pkcs7, OID_PKI_STATUS, enumerator, &attr))
        {
@@ -98,6 +99,7 @@ void extract_attributes(pkcs7_t *pkcs7, enumerator_t *enumerator,
                        }
                }
                DBG2(DBG_APP, "pkiStatus:    %s", pkiStatus_names[attrs->pkiStatus]);
+               free(attr.ptr);
        }
        if (pkcs7->get_attribute(pkcs7, OID_PKI_FAIL_INFO, enumerator, &attr))
        {
@@ -109,6 +111,7 @@ void extract_attributes(pkcs7_t *pkcs7, enumerator_t *enumerator,
                {
                        DBG1(DBG_APP, "failInfo:     %s", failInfo_reasons[attrs->failInfo]);
                }
+               free(attr.ptr);
        }
 
        pkcs7->get_attribute(pkcs7, OID_PKI_SENDER_NONCE, enumerator,