There is this bit in parser.c
X509_free(x509); // needed? XXX
As tb@ properly noted this X509_free() is needed because the cert_parse()
returns an up referenced x509 pointer back.
I moved the X509_free() so the error cases become simpler and we no longer
leak a reference on success. At least this is how I read the code.
OK?
--
:wq Claudio
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.27
diff -u -p -r1.27 parser.c
--- parser.c 4 Nov 2021 11:32:55 -0000 1.27
+++ parser.c 4 Nov 2021 17:25:18 -0000
@@ -232,12 +232,12 @@ proc_parser_cert(const struct entity *en
X509_STORE_CTX_cleanup(ctx);
sk_X509_free(chain);
sk_X509_CRL_free(crls);
+ X509_free(x509);
cert->talid = a->cert->talid;
/* Validate the cert to get the parent */
if (!valid_cert(entp->file, &auths, cert)) {
- X509_free(x509); // needed? XXX
cert_free(cert);
return NULL;
}
@@ -247,7 +247,6 @@ proc_parser_cert(const struct entity *en
*/
if (cert->purpose == CERT_PURPOSE_CA) {
if (!auth_insert(&auths, cert, a)) {
- X509_free(x509); // needed? XXX
cert_free(cert);
return NULL;
}
@@ -318,20 +317,22 @@ proc_parser_root_cert(const struct entit
goto badcert;
}
+ X509_free(x509);
+
cert->talid = entp->talid;
/*
* Add valid roots to the RPKI auth tree.
*/
if (!auth_insert(&auths, cert, NULL)) {
- X509_free(x509); // needed? XXX
cert_free(cert);
return NULL;
}
return cert;
+
badcert:
- X509_free(x509); // needed? XXX
+ X509_free(x509);
cert_free(cert);
return NULL;
}
