authorPeter Wu <peter@lekensteyn.nl>2015-10-03 19:23:55 +0200
committerAnders Broman <a.broman58@gmail.com>2015-10-07 04:04:59 +0000
commit40ff4ffee88977b2981e29cb4ad8658394c8442e (patch)
tree0760d3984f881ae17b20c74ec81de5d1de517770 /epan/dissectors/packet-dtls.c
parent9fea515efcd025140d018df6d1cf4e3d9ee4f4ac (diff)
ssl-utils: simplify private key storage, fix resource leaks
The certificate and GnuTLS private key are never used except for reporting in the log file. Remove the unused certificate-related code from the PKCS#12 file parsing. Report an immediate error instead of opening key file if GnuTLS is disabled. Made ssl_load_key and ssl_load_pkcs12 static, they are not used outside the SSL dissector. If for some reason the PKCS#12 bag contains multiple private keys, then the previous one would be overwritten (leaking memory). Fix this by returning the first private key found. Simplify key_hash (dtls_key_hash/ssl_key_hash) memory management, now the table automatically frees keys/values when items are removed. Fix memory leaks: - ssldecrypt_uat_fld_password_chk_cb: release ssl_load_pkcs12 memory. - ssl_load_key: avoid leaking gnutls_x509_privkey_t on error. - ssl_load_pkcs12: fix ssl_pkey leak on error path. Change-Id: I5db6fecb0d74e5c78796392aeb17e3eb7985a2ef Reviewed-on: https://code.wireshark.org/review/10764 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r--epan/dissectors/packet-dtls.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 557d418678..579bb678f0 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -215,7 +215,6 @@ dtls_parse_uat(void)
if (dtls_key_hash)
{
- g_hash_table_foreach(dtls_key_hash, ssl_private_key_free, NULL);
g_hash_table_destroy(dtls_key_hash);
}
@@ -228,7 +227,8 @@ dtls_parse_uat(void)
wmem_destroy_stack(tmp_stack);
/* parse private keys string, load available keys and put them in key hash*/
- dtls_key_hash = g_hash_table_new(ssl_private_key_hash, ssl_private_key_equal);
+ dtls_key_hash = g_hash_table_new_full(ssl_private_key_hash,
+ ssl_private_key_equal, g_free, ssl_private_key_free);
ssl_set_debug(dtls_debug_file_name);
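Review bot: The new `g_hash_table_new_full(..., g_free, ssl_private_key_free)` call makes `dtls_key_hash` the sole owner of every key and private-key value, but nothing at the assignment documents that contract. `ssl_private_key_free` was previously passed to `g_hash_table_foreach` as a three-argument `GHFunc` and is now used as a one-argument `GDestroyNotify`; its definition is not part of this file's diff, so confirm it now takes only the value and no longer releases the key, otherwise the key would be freed twice when the table is destroyed. Using `g_free` as the key destructor also assumes every key inserted into the table was allocated with the GLib allocator, and that no caller frees a key or private key after insertion. I would add a comment above the assignment such as `/* dtls_key_hash owns its entries: keys are released with g_free, private keys with ssl_private_key_free; do not free either after insertion */`. The body of `dtls_parse_uat` starts and ends outside this hunk, so the insertion sites could not be checked here.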