From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 9 Nov 2015 20:54:54 +0000 (+0100)
Subject: pkcs12: correctly set salt size in gnutls_pkcs12_mac_info
X-Git-Tag: gnutls_3_5_0~593
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0852ceee111ead165b80dd23f72dd61ea30a86b3;p=thirdparty%2Fgnutls.git

pkcs12: correctly set salt size in gnutls_pkcs12_mac_info

Also eliminate leaks in PKCS #12 parsing.
---

diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 007823f9c5..30275263b0 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -651,15 +651,15 @@ gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
 
 	/* ENC_DATA_OID needs decryption */
 
-	bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
-	bag->bag_elements = 1;
-
 	result = _gnutls_x509_read_value(c2, root2, &bag->element[0].data);
 	if (result < 0) {
 		gnutls_assert();
 		goto cleanup;
 	}
 
+	bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+	bag->bag_elements = 1;
+
 	result = 0;
 
       cleanup:
@@ -1905,6 +1905,7 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac,
 		}
 
 		if (*salt_size >= (unsigned)dsalt.size) {
+			*salt_size = dsalt.size;
 			memcpy(salt, dsalt.data, dsalt.size);
 		} else {
 			*salt_size = dsalt.size;
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index f6ac04a254..8b1471c054 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1140,9 +1140,10 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key,
 		goto error;
 	}
 
-	return 0;
+	result = 0;
 
       error:
+	asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE);
 	return result;
 }