From: Alberto Leiva Popper <ydahhrk@gmail.com>
Date: Mon, 11 Oct 2021 21:22:08 +0000 (-0500)
Subject: Certificate stack: Remove bogus x509stack_cancel()
X-Git-Tag: 1.5.2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5a5a657bcafeba1c44cfd249883e0a619cb64887;p=thirdparty%2FFORT-validator.git

Certificate stack: Remove bogus x509stack_cancel()

It seems the #58 and #59 problem is a stray defer separator pop.

The comment above x509stack_cancel() clearly states that the function
should only be called shortly after a x509stack_push(), but there's one
in certificate_traverse() that isn't.

Removing this x509stack_cancel() seems to prevent the crash. I'm still
investigating the original intent of this code.

Tentatively f1xes #58 and #59.
---

diff --git a/src/object/certificate.c b/src/object/certificate.c
index bd856b1c..54c6b477 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -2508,7 +2508,6 @@ certificate_traverse(struct rpp *rpp_parent, struct rpki_uri *cert_uri)
 		    x509stack_peek_resources(validation_certstack(state)));
 		cert = NULL; /* Ownership stolen at x509stack_push */
 		free(ski); /* No need to remember it */
-		x509stack_cancel(validation_certstack(state));
 
 		goto revert_refs;
 	}