Free pcerts array for all assign_privkey paths.

Ensure the array pcerts is free'd for both success/fail paths. The function
gnutls_certificate_set_key() is odd as it takes ownership of the contents of
pcerts, but not the pcerts array itself. See:

gnutls-3.6.15/lib/cert-cred.c:gnutls_certificate_set_key()
...
new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size);
if (new_pcert_list == NULL) {
  return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
}
memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);

Signed-off-by: Tom Carroll <incentivedesign@gmail.com>

diff --git a/gnutls.c b/gnutls.c
index 7d5b99248270d682ea61de0ff0d33c934a32bd53..ffcf1ca7adad0425d497f06c0e7a4812ee7d7066 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -584,7 +584,8 @@ static int assign_privkey(struct openconnect_info *vpninfo,
                          uint8_t *free_certs)
 {
        gnutls_pcert_st *pcerts = gnutls_calloc(nr_certs, sizeof(*pcerts));
-       int i, err;
+       unsigned int i;
+       int err;
 
        if (!pcerts)
                return GNUTLS_E_MEMORY_ERROR;
@@ -608,8 +609,8 @@ static int assign_privkey(struct openconnect_info *vpninfo,
        free_pcerts:
                for (i = 0 ; i < nr_certs; i++)
                        gnutls_pcert_deinit(pcerts + i);
-               free(pcerts);
        }
+       free(pcerts);
        return err;
 }