From 3e7ddf94a28ab8ca897e5284362e7f0acb0a9652 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 4 Sep 2024 10:07:08 +0200
Subject: [PATCH] schannel: avoid malloc for CAinfo_blob_digest

...it can just as well be part of the struct always.

Closes #14777
---
 lib/vtls/schannel.c | 18 +++---------------
 lib/vtls/schannel_int.h | 4 +++-
 2 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index ee04824a73..a9dcbe45a0 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -2846,9 +2846,6 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf,
 }
 if(ca_info_blob) {
- if(!share->CAinfo_blob_digest) {
- return NULL;
- }
 if(share->CAinfo_blob_size != ca_info_blob->len) {
 return NULL;
 }
@@ -2856,10 +2853,9 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf,
 ca_info_blob->len,
 info_blob_digest,
 CURL_SHA256_DIGEST_LENGTH);
- if(memcmp(share->CAinfo_blob_digest,
- info_blob_digest,
+ if(memcmp(share->CAinfo_blob_digest, info_blob_digest,
 CURL_SHA256_DIGEST_LENGTH)) {
- return NULL;
+ return NULL;
 }
 }
 else {
@@ -2882,7 +2878,6 @@ static void schannel_cert_share_free(void *key, size_t key_len, void *p)
 if(share->cert_store) {
 CertCloseStore(share->cert_store, 0);
 }
- free(share->CAinfo_blob_digest);
 free(share->CAfile);
 free(share);
 }
@@ -2895,7 +2890,6 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf,
 struct Curl_multi *multi = data->multi;
 const struct curl_blob *ca_info_blob = conn_config->ca_info_blob;
 struct schannel_cert_share *share;
- unsigned char *CAinfo_blob_digest = NULL;
 size_t CAinfo_blob_size = 0;
 char *CAfile = NULL;
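Review bot: With the NULL check on `share->CAinfo_blob_digest` removed, the `CAinfo_blob_size != ca_info_blob->len` comparison that follows is the only thing separating a share populated from a CAfile (where, as far as the hunks show, `CAinfo_blob_size` stays 0 and the embedded digest array is never reset) from one populated from a blob, and nothing at that line says so. A comment on the size check, `/* a CAfile-backed share keeps CAinfo_blob_size == 0, so a blob lookup misses here before the digest is compared */`, would record the invariant the removed check used to make explicit. Curl_schannel_get_cached_cert_store starts and ends outside this hunk.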
@@ -2923,13 +2917,9 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf,
 }
 if(ca_info_blob) {
- CAinfo_blob_digest = malloc(CURL_SHA256_DIGEST_LENGTH);
- if(!CAinfo_blob_digest) {
- return false;
- }
 schannel_sha256sum((const unsigned char *)ca_info_blob->data,
 ca_info_blob->len,
- CAinfo_blob_digest,
+ share->CAinfo_blob_digest,
 CURL_SHA256_DIGEST_LENGTH);
 CAinfo_blob_size = ca_info_blob->len;
 }
@@ -2946,12 +2936,10 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf,
 if(share->cert_store) {
 CertCloseStore(share->cert_store, 0);
 }
- free(share->CAinfo_blob_digest);
 free(share->CAfile);
 share->time = Curl_now();
 share->cert_store = cert_store;
- share->CAinfo_blob_digest = CAinfo_blob_digest;
 share->CAinfo_blob_size = CAinfo_blob_size;
 share->CAfile = CAfile;
 return true;
diff --git a/lib/vtls/schannel_int.h b/lib/vtls/schannel_int.h
index b04f1804b5..800fdf88e6 100644
--- a/lib/vtls/schannel_int.h
+++ b/lib/vtls/schannel_int.h
@@ -28,6 +28,8 @@
 #ifdef USE_SCHANNEL
+#include "vtls.h"
+
 #if (defined(__MINGW32__) || defined(CERT_CHAIN_REVOCATION_CHECK_CHAIN)) \
 && !defined(CURL_WINDOWS_APP)
 #define HAS_MANUAL_VERIFY_API
@@ -165,7 +167,7 @@ struct schannel_ssl_backend_data {
 #define MPROTO_SCHANNEL_CERT_SHARE_KEY "tls:schannel:cert:share"
 struct schannel_cert_share {
- unsigned char *CAinfo_blob_digest; /* CA info blob digest */
+ unsigned char CAinfo_blob_digest[CURL_SHA256_DIGEST_LENGTH];
 size_t CAinfo_blob_size; /* CA info blob size */
 char *CAfile; /* CAfile path used to generate certificate store */
--
2.47.3
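Review bot: `schannel_sha256sum` now writes straight into the live cache entry `share->CAinfo_blob_digest` near the top of the function, while `cert_store`, `CAinfo_blob_size` and `CAfile` are committed together only at the end (the `@@ -2946` hunk); before this change the digest was a local until that commit. If any `return false` exists between the two points on the blob path — the else branch that follows this hunk is outside the view, so I cannot tell — the entry would be left with a digest describing the new blob next to the size and store of the previous one, and a later lookup with a same-length blob would match the new digest and be handed the old store. Computing into a local `unsigned char digest[CURL_SHA256_DIGEST_LENGTH];`, passing `digest` to `schannel_sha256sum`, and copying it with `memcpy(share->CAinfo_blob_digest, digest, sizeof digest);` beside `share->CAinfo_blob_size = CAinfo_blob_size;` keeps the three fields changing at one point. Curl_schannel_set_cached_cert_store starts and ends outside this hunk.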
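Review bot: The trailing comment on `CAinfo_blob_digest` was dropped when the pointer became an array, and the field's meaning now depends on its neighbour: the only writer visible in the schannel.c hunks is inside `if(ca_info_blob)`, so the digest is meaningful only while `CAinfo_blob_size` is non-zero. Suggest `unsigned char CAinfo_blob_digest[CURL_SHA256_DIGEST_LENGTH]; /* SHA-256 of the CA info blob; valid only when CAinfo_blob_size != 0 */`, in the same style as the comments on the fields below it. The struct definition continues past the end of the hunk.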