authorPeter Wu <peter@lekensteyn.nl>2018-03-15 15:27:57 +0100
committerPeter Wu <peter@lekensteyn.nl>2018-03-21 10:36:23 +0000
commitca9976bec95234504b96ee9b2649fd791b06cc20 (patch)
tree313a2af03097451f6f8ec2cbd551da9adaf9da6b /wsutil
parentaf8ac43a1fc7a67d54bb2734244ea12194842fa9 (diff)
rsa: fix memleak and accept keys from certain PKCS#12 files
The "bag" was not deallocated when the key is successfully loaded. Parse all bag elements rather than clearing the bag after the first iteration (this restores previous behavior). Change-Id: Ib52da6586f7435d18fa5b0660e7771436544b634 Fixes: v2.5.0rc0-613-gf63b68f707 ("Further cleanups.") Reviewed-on: https://code.wireshark.org/review/26481 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'wsutil')
-rw-r--r--wsutil/rsa.c19
1 files changed, 7 insertions, 12 deletions
diff --git a/wsutil/rsa.c b/wsutil/rsa.c
index c71cdfd203..33a69f717f 100644
--- a/wsutil/rsa.c
+++ b/wsutil/rsa.c
@@ -179,6 +179,7 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
int rest;
unsigned char *p;
gnutls_datum_t data;
+ gnutls_pkcs12_bag_t bag = NULL;
size_t len;
gnutls_pkcs12_t rsa_p12 = NULL;
@@ -232,7 +233,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
/* TODO: Use gnutls_pkcs12_simple_parse, since 3.1.0 (August 2012) */
for (i=0; ; i++) {
- gnutls_pkcs12_bag_t bag;
gnutls_pkcs12_bag_type_t bag_type;
ret = gnutls_pkcs12_bag_init(&bag);
@@ -246,7 +246,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
if (ret < 0) {
*err = g_strdup_printf("gnutls_pkcs12_get_bag failed: %s",
gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
@@ -256,14 +255,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
if (ret < 0) {
*err = g_strdup_printf("gnutls_pkcs12_bag_get_type failed: %s",
gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
bag_type = (gnutls_pkcs12_bag_type_t)ret;
if (bag_type >= GNUTLS_BAG_UNKNOWN) {
*err = g_strdup_printf("gnutls_pkcs12_bag_get_type returnd unknown bag type %u",
ret);
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
g_log(NULL, G_LOG_LEVEL_INFO, "Bag %d/%d: %s\n", i, j, BAGTYPE(bag_type));
@@ -274,14 +271,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
if (ret < 0) {
*err = g_strdup_printf("gnutls_pkcs12_bag_get_type failed: %s",
gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
bag_type = (gnutls_pkcs12_bag_type_t)ret;
if (bag_type >= GNUTLS_BAG_UNKNOWN) {
*err = g_strdup_printf("gnutls_pkcs12_bag_get_type returnd unknown bag type %u",
ret);
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
g_log(NULL, G_LOG_LEVEL_INFO, "Bag %d/%d decrypted: %s\n", i, j, BAGTYPE(bag_type));
@@ -292,7 +287,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
if (ret < 0) {
*err = g_strdup_printf("gnutls_pkcs12_bag_get_data failed: %s",
gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
@@ -306,7 +300,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
ret = gnutls_x509_privkey_init(&rsa_pkey);
if (ret < 0) {
*err = g_strdup_printf("gnutls_x509_privkey_init failed: %s", gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
ret = gnutls_x509_privkey_import_pkcs8(rsa_pkey, &data, GNUTLS_X509_FMT_DER, cert_passwd,
@@ -314,14 +307,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
if (ret < 0) {
*err = g_strdup_printf("Can not decrypt private key - %s", gnutls_strerror(ret));
gnutls_x509_privkey_deinit(rsa_pkey);
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
if (gnutls_x509_privkey_get_pk_algorithm(rsa_pkey) != GNUTLS_PK_RSA) {
*err = g_strdup("private key public key algorithm isn't RSA");
gnutls_x509_privkey_deinit(rsa_pkey);
- gnutls_pkcs12_bag_deinit(bag);
goto done;
}
@@ -333,12 +324,16 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
default: ;
}
- gnutls_pkcs12_bag_deinit(bag);
- bag = NULL;
} /* j */
+
+ gnutls_pkcs12_bag_deinit(bag);
+ bag = NULL;
} /* i */
done:
+ if (bag) {
+ gnutls_pkcs12_bag_deinit(bag);
+ }
if (!priv_key) {
/*
* We failed. If we didn't fail with an error, we failed because
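Review bot: The new cleanup at `done:` rests on two invariants that nothing in the hunk states: the `bag = NULL;` after the per-iteration deinit is what keeps the `if (bag)` at `done:` from freeing the same bag twice, and that guard exists for the exits that leave the current bag live — the error `goto done`s in the body, the success path the commit message describes, and presumably the break taken when no bag remains (that exit is outside the hunk). I would annotate both spots so the next cleanup does not re-introduce the leak or a double free: `bag = NULL; /* the cleanup at done: must not free it again */` after the per-iteration `gnutls_pkcs12_bag_deinit(bag);`, and `/* a goto done or break out of the loop leaves the current bag allocated */` above the `if (bag)` at `done:`. GnuTLS's `gnutls_pkcs12_bag_deinit()` appears to return early on a NULL argument, in which case the `if (bag)` guard could be dropped, but confirm that against the oldest GnuTLS version this file supports before relying on it. rsa_load_pkcs12 starts before and ends after this hunk.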