author | Peter Wu <peter@lekensteyn.nl> | 2018-03-15 15:27:57 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2018-03-21 10:36:23 +0000 |
commit | ca9976bec95234504b96ee9b2649fd791b06cc20 (patch) | |
tree | 313a2af03097451f6f8ec2cbd551da9adaf9da6b | |
parent | af8ac43a1fc7a67d54bb2734244ea12194842fa9 (diff) |
rsa: fix memleak and accept keys from certain PKCS#12 files
The "bag" was not deallocated when the key is successfully loaded.
Parse all bag elements rather than clearing the bag after the first
iteration (this restores previous behavior).
Change-Id: Ib52da6586f7435d18fa5b0660e7771436544b634
Fixes: v2.5.0rc0-613-gf63b68f707 ("Further cleanups.")
Reviewed-on: https://code.wireshark.org/review/26481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
-rw-r--r-- | wsutil/rsa.c | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/wsutil/rsa.c b/wsutil/rsa.c
index c71cdfd203..33a69f717f 100644
--- a/wsutil/rsa.c
+++ b/wsutil/rsa.c
@@ -179,6 +179,7 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 int rest;
 unsigned char *p;
 gnutls_datum_t data;
+ gnutls_pkcs12_bag_t bag = NULL;
 size_t len;
 gnutls_pkcs12_t rsa_p12 = NULL;
@@ -232,7 +233,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 /* TODO: Use gnutls_pkcs12_simple_parse, since 3.1.0 (August 2012) */
 for (i=0; ; i++) {
- gnutls_pkcs12_bag_t bag;
 gnutls_pkcs12_bag_type_t bag_type;
 ret = gnutls_pkcs12_bag_init(&bag);
@@ -246,7 +246,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 if (ret < 0) {
 *err = g_strdup_printf("gnutls_pkcs12_get_bag failed: %s", gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
@@ -256,14 +255,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 if (ret < 0) {
 *err = g_strdup_printf("gnutls_pkcs12_bag_get_type failed: %s", gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
 bag_type = (gnutls_pkcs12_bag_type_t)ret;
 if (bag_type >= GNUTLS_BAG_UNKNOWN) {
 *err = g_strdup_printf("gnutls_pkcs12_bag_get_type returnd unknown bag type %u", ret);
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
 g_log(NULL, G_LOG_LEVEL_INFO, "Bag %d/%d: %s\n", i, j, BAGTYPE(bag_type));
@@ -274,14 +271,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 if (ret < 0) {
 *err = g_strdup_printf("gnutls_pkcs12_bag_get_type failed: %s", gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
 bag_type = (gnutls_pkcs12_bag_type_t)ret;
 if (bag_type >= GNUTLS_BAG_UNKNOWN) {
 *err = g_strdup_printf("gnutls_pkcs12_bag_get_type returnd unknown bag type %u", ret);
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
 g_log(NULL, G_LOG_LEVEL_INFO, "Bag %d/%d decrypted: %s\n", i, j, BAGTYPE(bag_type));
@@ -292,7 +287,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 if (ret < 0) {
 *err = g_strdup_printf("gnutls_pkcs12_bag_get_data failed: %s", gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
@@ -306,7 +300,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 ret = gnutls_x509_privkey_init(&rsa_pkey);
 if (ret < 0) {
 *err = g_strdup_printf("gnutls_x509_privkey_init failed: %s", gnutls_strerror(ret));
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
 ret = gnutls_x509_privkey_import_pkcs8(rsa_pkey, &data, GNUTLS_X509_FMT_DER, cert_passwd,
@@ -314,14 +307,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 if (ret < 0) {
 *err = g_strdup_printf("Can not decrypt private key - %s", gnutls_strerror(ret));
 gnutls_x509_privkey_deinit(rsa_pkey);
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
 if (gnutls_x509_privkey_get_pk_algorithm(rsa_pkey) != GNUTLS_PK_RSA) {
 *err = g_strdup("private key public key algorithm isn't RSA");
 gnutls_x509_privkey_deinit(rsa_pkey);
- gnutls_pkcs12_bag_deinit(bag);
 goto done;
 }
@@ -333,12 +324,16 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
 default: ;
 }
- gnutls_pkcs12_bag_deinit(bag);
- bag = NULL;
 } /* j */
+
+ gnutls_pkcs12_bag_deinit(bag);
+ bag = NULL;
 } /* i */
 done:
+ if (bag) {
+ gnutls_pkcs12_bag_deinit(bag);
+ }
 if (!priv_key) {
 /*
 * We failed. If we didn't fail with an error, we failed because |
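Review bot: The `if (bag)` guard in front of `gnutls_pkcs12_bag_deinit(bag)` at `done:` is redundant if GnuTLS's deinit already returns early on a NULL handle (it does in the versions I am familiar with, but confirm against the minimum GnuTLS version this file builds against); either drop the guard or keep it and document the invariant the cleanup depends on, e.g. `/* bag is non-NULL only if a goto done left the loops mid-iteration; each completed i iteration resets it. */`. With `bag` now at function scope and reset only at the end of the i loop, every `goto done` inside the j loop frees the bag exactly once, which is the fix this commit makes. The success path that stores the loaded key in `priv_key` lies outside the hunk, so it is worth confirming it also leaves via `goto done` or `break` rather than continuing the j loop, since a second key element would otherwise overwrite `priv_key` and leak the earlier `rsa_pkey`. The body of rsa_load_pkcs12 continues past the end of this hunk.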