Don't crash if gnutls_x509_crt_list_import() fails

On error, gnutls_x509_crt_list_import() deinitializes any certificates
that it loaded (this isn't documented, of course, but see [1]). However,
we're also deinitializing them in the error handling case, resulting in
a double-free. Set nr_extra_certs to zero in that case so that we don't
crash.

1: https://gitlab.com/gnutls/gnutls/blob/gnutls_3_6_9/lib/x509/x509.c#L3864

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/gnutls.c b/gnutls.c
index 4f915d62f80fa12b7e9eb93dee5f4cd11df83d36..4a000af93aa591add72c07f342e5a6f5b883129a 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -1082,6 +1082,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
                vpn_progress(vpninfo, PRG_ERR,
                             _("Loading certificate failed: %s\n"),
                             reason);
+               nr_extra_certs = 0;
                ret = -EINVAL;
                goto out;
        }