[or-cvs] Stop leaking X509 certs; those things are _nasty_ on the carpet

Nick Mathewson nickm at seul.org
Tue Nov 18 06:52:27 UTC 2003


Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv31914/common

Modified Files:
	tortls.c 
Log Message:
Stop leaking X509 certs; those things are _nasty_ on the carpet

Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -d -r1.31 -r1.32
--- tortls.c	11 Nov 2003 04:08:30 -0000	1.31
+++ tortls.c	18 Nov 2003 06:52:25 -0000	1.32
@@ -140,7 +140,6 @@
   X509 *x509 = NULL;
   X509_NAME *name = NULL;
   int nid;
-  int err;
   
   tor_tls_init();
 
@@ -179,13 +178,13 @@
   if (!X509_sign(x509, pkey, EVP_sha1()))
     goto error;
 
-  err = 0;
   goto done;
  error:
-  err = 1;
+  if (x509) {
+    X509_free(x509); 
+    x509 = NULL;
+  }
  done:
-  if (x509 && err)
-    X509_free(x509);
   if (pkey)
     EVP_PKEY_free(pkey);
   if (name)
@@ -483,23 +482,29 @@
   
   if (!(cert = SSL_get_peer_certificate(tls->ssl))) {
     log_fn(LOG_WARN, "Peer has no certificate");
-    return -1;
+    goto error;
   }
   if (!(name = X509_get_subject_name(cert))) {
     log_fn(LOG_WARN, "Peer certificate has no subject name");
-    return -1;
+    goto error;
   }
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef)
-    return -1;
+    goto error;
   
   lenout = X509_NAME_get_text_by_NID(name, nid, buf, buflen);
   if (lenout == -1)
-    return -1;
+    goto error;
   if (strspn(buf, LEGAL_NICKNAME_CHARACTERS) != lenout) {
     log_fn(LOG_WARN, "Peer certificate nickname has illegal characters.");
-    return -1;
+    goto error;
   }
   return 0;
+ error:
+  if (cert)
+    X509_free(cert);
+  if (name)
+    X509_NAME_free(name);
+  return -1;
 }
 
 /* If the provided tls connection is authenticated and has a
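Review bot: The new `error:` block frees `name` with `X509_NAME_free()` after `X509_free(cert)`, but `X509_get_subject_name()` returns a pointer owned by the certificate rather than a new object, so `name` is already dangling when it is freed and the same X509_NAME is released a second time. The two lines `if (name)` / `X509_NAME_free(name);` should simply be dropped, leaving `if (cert) X509_free(cert);` as the only cleanup in the error path. Separately, the success path `return 0;` still returns without releasing `cert`, and `SSL_get_peer_certificate()` hands back a reference the caller must drop, so the leak this commit is meant to close remains on the common path; it should read `X509_free(cert); return 0;`. The enclosing function's signature and the declarations of `cert` and `name` lie before this hunk, so whether both start out NULL (which the `if (cert)` guard presumes) cannot be confirmed from here.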


