author | Steve Holme <steve_holme@hotmail.com> | 2014-12-26 11:58:17 +0000 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2014-12-26 13:11:43 +0000 |
commit | cdc1cc22e75bbe6434e9603c91e933171ac9edf2 (patch) | |
tree | fbad6cdbfa4fdc596c59b6770875b7411f555068 | |
parent | fe43a662a25ab3903176575f1a7e0f8a04a9adc5 (diff) |
vtls: Don't set cert info count until memory allocation is successful
Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
member variable to the requested count, which could then be used
incorrectly as libcurl closes down.
-rw-r--r-- | lib/vtls/vtls.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 165f49b8b..a53ff4ad6 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -593,12 +593,14 @@ void Curl_ssl_free_certinfo(struct SessionHandle *data) { int i; struct curl_certinfo *ci = &data->info.certs; + if(ci->num_of_certs) { /* free all individual lists used */ for(i=0; i<ci->num_of_certs; i++) { curl_slist_free_all(ci->certinfo[i]); ci->certinfo[i] = NULL; } + free(ci->certinfo); /* free the actual array too */ ci->certinfo = NULL; ci->num_of_certs = 0; @@ -610,13 +612,15 @@ CURLcode Curl_ssl_init_certinfo(struct SessionHandle *data, int num) struct curl_certinfo *ci = &data->info.certs; struct curl_slist **table; - /* Initialize the certificate information structures */ + /* Free any previous certificate information structures */ Curl_ssl_free_certinfo(data); - ci->num_of_certs = num; + + /* Allocate the required certificate information structures */ table = calloc((size_t) num, sizeof(struct curl_slist *)); if(!table) return CURLE_OUT_OF_MEMORY; + ci->num_of_certs = num; ci->certinfo = table; return CURLE_OK; |
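Review bot: `num` still reaches `calloc((size_t) num, sizeof(struct curl_slist *))` in Curl_ssl_init_certinfo without a range check. For `num == 0`, calloc may return NULL, which is then reported as CURLE_OUT_OF_MEMORY although nothing failed, or it may return a zero-size allocation. Because `free(ci->certinfo)` in the first hunk appears to sit inside `if(ci->num_of_certs)`, that zero-size allocation would never be released. A negative `num` converts to a huge size_t and is rejected only through calloc's own overflow handling. Whether callers can pass such values is not visible here, but a guard after the `Curl_ssl_free_certinfo(data);` call would make the contract explicit, e.g. `if(num <= 0) return CURLE_BAD_FUNCTION_ARGUMENT;` (or CURLE_OK for zero, if callers treat an empty chain as valid). Both function bodies extend outside their hunks.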