From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 3 May 2016 12:24:08 +0000 (+0200)
Subject: gnutls_certificate_set_key: duplicate the provided memory
X-Git-Tag: gnutls_3_5_0~24
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=af09650c5b48ff0bce41007e588c2838d8e2a0be;p=thirdparty%2Fgnutls.git

gnutls_certificate_set_key: duplicate the provided memory

That is, do not assume that a heap allocated value is provided.
---

diff --git a/lib/x509.c b/lib/x509.c
index 219e065c80..defcde75a1 100644
--- a/lib/x509.c
+++ b/lib/x509.c
@@ -1206,7 +1206,7 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
  * entity certificate (e.g., also an intermediate CA cert) then put
  * the certificate chain in @pcert_list. 
  *
- * Note that the @pcert_list and @key will become part of the credentials 
+ * Note that the @key and the elements of @pcert_list will become part of the credentials 
  * structure and must not be deallocated. They will be automatically deallocated 
  * when the @res type is deinitialized.
  *
@@ -1226,6 +1226,7 @@ gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
 {
 	int ret, i;
 	gnutls_str_array_t str_names;
+	gnutls_pcert_st *new_pcert_list;
 
 	_gnutls_str_array_init(&str_names);
 
@@ -1251,12 +1252,20 @@ gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
 		goto cleanup;
 	}
 
+	new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size);
+	if (new_pcert_list == NULL) {
+		gnutls_assert();
+		return GNUTLS_E_MEMORY_ERROR;
+	}
+	memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);
+
 	ret =
 	    certificate_credential_append_crt_list(res, str_names,
-						   pcert_list,
+						   new_pcert_list,
 						   pcert_list_size);
 	if (ret < 0) {
 		gnutls_assert();
+		gnutls_free(new_pcert_list);
 		goto cleanup;
 	}