pkcs12: correctly set salt size in gnutls_pkcs12_mac_info

Also eliminate leaks in PKCS #12 parsing.

diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 007823f9c515025c656c9be859a708c2c0c32ec2..30275263b0c595a0cec91bdfafc65768aee4243a 100644 (file)
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -651,15 +651,15 @@ gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
 
        /* ENC_DATA_OID needs decryption */
 
-       bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
-       bag->bag_elements = 1;
-
        result = _gnutls_x509_read_value(c2, root2, &bag->element[0].data);
        if (result < 0) {
                gnutls_assert();
                goto cleanup;
        }
 
+       bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+       bag->bag_elements = 1;
+
        result = 0;
 
       cleanup:
@@ -1905,6 +1905,7 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac,
                }
 
                if (*salt_size >= (unsigned)dsalt.size) {
+                       *salt_size = dsalt.size;
                        memcpy(salt, dsalt.data, dsalt.size);
                } else {
                        *salt_size = dsalt.size;

diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index f6ac04a254927f3faa712a54258ba4dd2b85a0f7..8b1471c05440bb0d3e62842bf13820ce77d63ab8 100644 (file)
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1140,9 +1140,10 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key,
                goto error;
        }
 
-       return 0;
+       result = 0;
 
       error:
+       asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE);
        return result;
 }