Re: [Openvpn-devel] [PATCH 2.3] Plug memory leak in mbedTLS backend

Steffan Karger Tue, 31 May 2016 12:40:24 +0000

On 31-05-16 13:42, Ivo Manca wrote:
> Signed-off-by: Ivo Manca <pin...@gmail.com>
> ---
>  src/openvpn/ssl_verify_polarssl.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/src/openvpn/ssl_verify_polarssl.c 
> b/src/openvpn/ssl_verify_polarssl.c
> index 7ed87d6..cc46b75 100644
> --- a/src/openvpn/ssl_verify_polarssl.c
> +++ b/src/openvpn/ssl_verify_polarssl.c
> @@ -137,7 +137,7 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, 
> struct gc_arena *gc)
>    if (!polar_ok(mpi_read_binary(&serial_mpi, cert->serial.p, 
> cert->serial.len)))
>      {
>        msg(M_WARN, "Failed to retrieve serial from certificate.");
> -      return NULL;
> +      goto end;
>      }
>  
>    /* Determine decimal representation length, allocate buffer */
> @@ -148,9 +148,12 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, 
> struct gc_arena *gc)
>    if (!polar_ok(mpi_write_string(&serial_mpi, 10, buf, &buflen)))
>      {
>        msg(M_WARN, "Failed to write serial to string.");
> -      return NULL;
> +      buf = NULL;
> +      goto end;
>      }
>  
> +end:
> +  mpi_free(&serial_mpi);
>    return buf;
>  }


ACK - *but* Ivo did this work for us (Fox-IT), so some external eyes
before applying are welcome.

-Steffan

Re: [Openvpn-devel] [PATCH 2.3] Plug memory leak in mbedTLS backend

Reply via email to