]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
projects / thirdparty / gnutls.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4ef5efe)
gnutls_x509_ext_import_proxy: corrected memory leak
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 15 Nov 2017 09:31:00 +0000 (10:31 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 15 Nov 2017 09:33:16 +0000 (10:33 +0100)
Also added reproducer for the memory leak found.

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3159

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
fuzz/gnutls_x509_parser_fuzzer.repro/leak-45ceff5162bae741d1048cede0d5dfe6b677761d [new file with mode: 0644] patch | blob
lib/x509/x509_ext.c patch | blob | blame | history

diff --git a/fuzz/gnutls_x509_parser_fuzzer.repro/leak-45ceff5162bae741d1048cede0d5dfe6b677761d b/fuzz/gnutls_x509_parser_fuzzer.repro/leak-45ceff5162bae741d1048cede0d5dfe6b677761d
new file mode 100644 (file)
index 0000000..ded50c8
Binary files /dev/null and b/fuzz/gnutls_x509_parser_fuzzer.repro/leak-45ceff5162bae741d1048cede0d5dfe6b677761d differ
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index 99e0a43f3094e7c2ebb43f7422d1ca4ff8fdacf5..58c3263d1e7737fd0a21ce012342445ba950d93c 100644 (file)
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -1520,9 +1520,9 @@ int gnutls_x509_ext_export_basic_constraints(unsigned int ca, int pathlen,
  *
  * Since: 3.3.0
  **/
-int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
-                             char **policyLanguage, char **policy,
-                             size_t * sizeof_policy)
+int gnutls_x509_ext_import_proxy(const gnutls_datum_t *ext, int *pathlen,
+                                char **policyLanguage, char **policy,
+                                size_t *sizeof_policy)
 {
        ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
        int result;
@@ -1563,11 +1563,6 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
                goto cleanup;
        }
 
-       if (policyLanguage) {
-               *policyLanguage = (char *)value1.data;
-               value1.data = NULL;
-       }
-
        result = _gnutls_x509_read_value(c2, "proxyPolicy.policy", &value2);
        if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
                if (policy)
@@ -1586,6 +1581,11 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
                        *sizeof_policy = value2.size;
        }
 
+       if (policyLanguage) {
+               *policyLanguage = (char *)value1.data;
+               value1.data = NULL;
+       }
+
        result = 0;
  cleanup:
        gnutls_free(value1.data);
Mirror of https://gitlab.com/gnutls/gnutls.git