From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 29 Mar 2017 09:16:34 +0000 (+0200)
Subject: x509: Fix leak if there is an empty CDP
X-Git-Tag: 5.5.3~26^2~18
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=388351609dad7a96b6ac8857864e59642810bc56;p=thirdparty%2Fstrongswan.git

x509: Fix leak if there is an empty CDP
---

diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 7068853a82..3027e4387a 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -818,10 +818,12 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris,
 	enumerator_t *enumerator;
 	x509_cdp_t *cdp;
 	char *uri;
+	int len;
 
 	while (uris->remove_last(uris, (void**)&id) == SUCCESS)
 	{
-		if (asprintf(&uri, "%Y", id) > 0)
+		len = asprintf(&uri, "%Y", id);
+		if (len > 0)
 		{
 			if (issuers->get_count(issuers))
 			{
@@ -845,6 +847,10 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris,
 				list->insert_last(list, cdp);
 			}
 		}
+		else if (!len)
+		{
+			free(uri);
+		}
 		id->destroy(id);
 	}
 	while (issuers->remove_last(issuers, (void**)&id) == SUCCESS)