Moved gc_new and gc_free to begin end of function

As a safety measure against future modifications

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

diff --git a/ssl_verify.c b/ssl_verify.c
index 0ce5dda97f153d867152f7eaa81328f44a047673..75322d7816d315a8e424269e22041ec334dafe73 100644 (file)
--- a/ssl_verify.c
+++ b/ssl_verify.c
@@ -500,15 +500,14 @@ verify_cert_call_command(const char *verify_command, struct env_set *es,
     int cert_depth, x509_cert_t *cert, char *subject, const char *verify_export_cert)
 {
   const char *tmp_file = NULL;
-  struct gc_arena gc;
   int ret;
+  struct gc_arena gc = gc_new();
   struct argv argv = argv_new ();
 
   setenv_str (es, "script_type", "tls-verify");
 
   if (verify_export_cert)
     {
-      gc = gc_new();
       if ((tmp_file=verify_cert_export_cert(cert, verify_export_cert, &gc)))
        {
          setenv_str(es, "peer_cert", tmp_file);
@@ -524,9 +523,9 @@ verify_cert_call_command(const char *verify_command, struct env_set *es,
     {
        if (tmp_file)
           delete_file(tmp_file);
-       gc_free(&gc);
     }
 
+  gc_free(&gc);
   argv_reset (&argv);
 
   if (ret)