New commits:
commit 65cdf0070a2cd896556e03c04856b0aa5f87a9a1
Author: Paul Wouters <[email protected]>
Date: Tue Dec 6 17:00:49 2016 -0500
updated changes
commit 6c7c8b85ff6c8a05d30b0994edc11364c2f0effa
Author: William Rios <[email protected]>
Date: Tue Dec 6 16:58:13 2016 -0500
X509: Fix memory leak in certificate handling (lsbz#278)
In get_pluto_gn_from_nss_cert, the call to CERT_GetCertificateNames
allocates memory in cert->arena which would only be freed when
cert->arena is freed. It seems that either cert->arena is never
freed or at least it's not freed for quite a while. The data
from CERT_GetCertificateNames is used almost immediately after by
add_cert_san_pubkeys and then is apparently no longer needed. If a new
arena is used for CERT_GetCertificateNames instead of cert->arena then
it can be freed in add_cert_san_pubkeys after it is no longer needed.
Signed-off-by: Paul Wouters <[email protected]>
Note: long term solution is to remove pluto_gn and use the nss fields
directly, as pluto_gn is a relic from pre-NSS times.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
