On 31-05-16 13:42, Ivo Manca wrote: > Signed-off-by: Ivo Manca <[email protected]> > --- > src/openvpn/ssl_verify_mbedtls.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/src/openvpn/ssl_verify_mbedtls.c > b/src/openvpn/ssl_verify_mbedtls.c > index 9c4b51a..522ff68 100644 > --- a/src/openvpn/ssl_verify_mbedtls.c > +++ b/src/openvpn/ssl_verify_mbedtls.c > @@ -162,7 +162,7 @@ backend_x509_get_serial (mbedtls_x509_crt *cert, struct > gc_arena *gc) > cert->serial.len))) > { > msg(M_WARN, "Failed to retrieve serial from certificate."); > - return NULL; > + goto end; > } > > /* Determine decimal representation length, allocate buffer */ > @@ -173,9 +173,12 @@ backend_x509_get_serial (mbedtls_x509_crt *cert, struct > gc_arena *gc) > if (!mbed_ok(mbedtls_mpi_write_string(&serial_mpi, 10, buf, buflen, > &buflen))) > { > msg(M_WARN, "Failed to write serial to string."); > - return NULL; > + buf = NULL; > + goto end; > } > > +end: > + mbedtls_mpi_free(&serial_mpi); > return buf; > }
ACK - *but* Ivo did this work for us (Fox-IT), so some external eyes before applying are welcome. -Steffan
