authorSteve Holme <steve_holme@hotmail.com>2014-12-26 11:58:17 +0000
committerSteve Holme <steve_holme@hotmail.com>2014-12-26 13:11:43 +0000
commitcdc1cc22e75bbe6434e9603c91e933171ac9edf2 (patch)
treefbad6cdbfa4fdc596c59b6770875b7411f555068
parentfe43a662a25ab3903176575f1a7e0f8a04a9adc5 (diff)
vtls: Don't set cert info count until memory allocation is successful
Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs member variable to the requested count, which could then be used incorrectly as libcurl closes down.
-rw-r--r--lib/vtls/vtls.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 165f49b8b..a53ff4ad6 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -593,12 +593,14 @@ void Curl_ssl_free_certinfo(struct SessionHandle *data)
{
int i;
struct curl_certinfo *ci = &data->info.certs;
+
if(ci->num_of_certs) {
/* free all individual lists used */
for(i=0; i<ci->num_of_certs; i++) {
curl_slist_free_all(ci->certinfo[i]);
ci->certinfo[i] = NULL;
}
+
free(ci->certinfo); /* free the actual array too */
ci->certinfo = NULL;
ci->num_of_certs = 0;
@@ -610,13 +612,15 @@ CURLcode Curl_ssl_init_certinfo(struct SessionHandle *data, int num)
struct curl_certinfo *ci = &data->info.certs;
struct curl_slist **table;
- /* Initialize the certificate information structures */
+ /* Free any previous certificate information structures */
Curl_ssl_free_certinfo(data);
- ci->num_of_certs = num;
+
+ /* Allocate the required certificate information structures */
table = calloc((size_t) num, sizeof(struct curl_slist *));
if(!table)
return CURLE_OUT_OF_MEMORY;
+ ci->num_of_certs = num;
ci->certinfo = table;
return CURLE_OK;
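Review bot: `num` reaches `calloc((size_t) num, sizeof(struct curl_slist *))` in Curl_ssl_init_certinfo without a range check, so zero and negative counts are still handled only by accident. A negative value converts to a very large size_t and surfaces as CURLE_OUT_OF_MEMORY. For `num == 0`, calloc may return NULL (a spurious out-of-memory error) or a non-NULL pointer that Curl_ssl_free_certinfo never releases, because its `if(ci->num_of_certs)` guard in the first hunk skips the free when the count is zero. An explicit guard after the Curl_ssl_free_certinfo() call, e.g. `if(num <= 0) return CURLE_OK;`, would keep the count and the table consistent; whether a negative count should instead be an error depends on callers not visible here. The function's signature line and closing brace are outside the hunk.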