Am 31.05.16 um 14:22 schrieb Steffan Karger:
> On 31-05-16 13:42, Ivo Manca wrote:
>> Signed-off-by: Ivo Manca <pin...@gmail.com>
>> ---
>> src/openvpn/ssl_verify_polarssl.c | 7 +++++--
>> 1 file changed, 5 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/openvpn/ssl_verify_polarssl.c
>> b/src/openvpn/ssl_verify_polarssl.c
>> index 7ed87d6..cc46b75 100644
>> --- a/src/openvpn/ssl_verify_polarssl.c
>> +++ b/src/openvpn/ssl_verify_polarssl.c
>> @@ -137,7 +137,7 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert,
>> struct gc_arena *gc)
>> if (!polar_ok(mpi_read_binary(&serial_mpi, cert->serial.p,
>> cert->serial.len)))
>> {
>> msg(M_WARN, "Failed to retrieve serial from certificate.");
>> - return NULL;
>> + goto end;
>> }
>>
>> /* Determine decimal representation length, allocate buffer */
>> @@ -148,9 +148,12 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert,
>> struct gc_arena *gc)
>> if (!polar_ok(mpi_write_string(&serial_mpi, 10, buf, &buflen)))
>> {
>> msg(M_WARN, "Failed to write serial to string.");
>> - return NULL;
>> + buf = NULL;
>> + goto end;
>> }
>>
>> +end:
>> + mpi_free(&serial_mpi);
>> return buf;
>> }
> ACK - *but* Ivo did this work for us (Fox-IT), so some external eyes
> before applying are welcome.
>
>
ACK, looks good to me, too.
Arne
