From c5aaa488a3d6df712dc8dff23a049133cab5ec1b Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 15 Dec 2016 15:02:18 +0100
Subject: [PATCH] gnutls_x509_ext_import_proxy: fix issue reading the policy language

If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed.
---
 lib/x509/extensions.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index f7c7346..2cbb684 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -1158,7 +1158,8 @@ _gnutls_x509_ext_extract_proxyCertInfo(i
 {
 ASN1_TYPE ext = ASN1_TYPE_EMPTY;
 int result;
- gnutls_datum_t value;
+ gnutls_datum_t value1 = { NULL, 0 };
+ gnutls_datum_t value2 = { NULL, 0 };

 if ((result = asn1_create_element
 (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
@@ -1187,18 +1187,20 @@ _gnutls_x509_ext_extract_proxyCertInfo(i
 }

 result = _gnutls_x509_read_value(ext, "proxyPolicy.policyLanguage",
- &value);
+ &value1);
 if (result < 0) {
 gnutls_assert();
 asn1_delete_structure(&ext);
 return result;
 }

- if (policyLanguage)
- *policyLanguage = gnutls_strdup((char *) value.data);
+ if (policyLanguage) {
+ *policyLanguage = gnutls_strdup((char *) value1.data);
+ value1.data = NULL;
+ }

 result =
- _gnutls_x509_read_value(ext, "proxyPolicy.policy", &value);
+ _gnutls_x509_read_value(ext, "proxyPolicy.policy", &value2);
 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
 if (policy)
 *policy = NULL;
@@ -1209,10 +1212,12 @@ _gnutls_x509_ext_extract_proxyCertInfo(i
 asn1_delete_structure(&ext);
 return result;
 } else {
- if (policy)
- *policy = (char *) value.data;
+ if (policy) {
+ *policy = (char *) value2.data;
+ value2.data = NULL;
+ }
 if (sizeof_policy)
- *sizeof_policy = value.size;
+ *sizeof_policy = value2.size;
 }

 asn1_delete_structure(&ext);
--
libgit2 0.24.0
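Review bot: The new `if (policyLanguage)` block leaks the language buffer: `gnutls_strdup()` hands the caller a copy, and `value1.data = NULL;` then drops the only visible reference to the original that `_gnutls_x509_read_value()` filled in (presumably heap-allocated, as the commit message's mention of a free implies). Transfer ownership the way the policy branch does, `*policyLanguage = (char *) value1.data; value1.data = NULL;`, or keep the copy and release the original with `gnutls_free(value1.data);`. If the copy is kept, its result should be checked, since a failed allocation currently leaves `*policyLanguage` NULL while the function carries on. The function body begins and ends outside this hunk.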
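Review bot: No visible path releases the datums this function still owns: `value2.data` when the caller passes `policy == NULL`, and `value1.data` when `policyLanguage == NULL`, including on the `return result;` error branch at the top of this hunk. Because both are initialised to `{ NULL, 0 }` and cleared on hand-over, an unconditional `gnutls_free(value1.data); gnutls_free(value2.data);` before each `asn1_delete_structure(&ext)` exit would be safe. The rename from `value` means any existing release would have had to appear in this patch, so the unchanged tail outside this hunk most likely has none; worth confirming. A short comment such as `/* ownership of the buffer passes to the caller */` beside `value2.data = NULL;` would also make the purpose of the clearing explicit.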