From: David Woodhouse
Date: Fri, 21 Dec 2018 16:19:35 +0000 (+0000)
Subject: Use free_pass() for freeing certificate passwords
X-Git-Tag: v8.00~21
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=5f6e4282d6836df2341db2def7c05f1950c11fc9;p=users%2Fdwmw2%2Fopenconnect.git
Use free_pass() for freeing certificate passwords
Signed-off-by: David Woodhouse
---
diff --git a/gnutls.c b/gnutls.c
index d0c733ce..36aebd85 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -460,7 +460,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
 } else vpn_progress(vpninfo, PRG_ERR, _("Failed to decrypt PKCS#12 certificate file\n"));
- free(pass);
+ free_pass(&pass);
 vpninfo->cert_password = NULL; err = request_passphrase(vpninfo, "openconnect_pkcs12", &pass, _("Enter PKCS#12 pass phrase:"));
@@ -492,7 +492,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
 } err = gnutls_pkcs12_simple_parse(p12, pass, key, chain, chain_len, extra_certs, extra_certs_len, crl, 0);
- free(pass);
+ free_pass(&pass);
 vpninfo->cert_password = NULL; gnutls_pkcs12_deinit(p12);
@@ -875,8 +875,7 @@ static int import_openssl_pem(struct openconnect_info *vpninfo,
 fail: if (pass) { vpn_progress(vpninfo, PRG_ERR, _("Decrypting PEM key failed\n"));
- free(pass);
- pass = NULL;
+ free_pass(&pass);
 } err = request_passphrase(vpninfo, "openconnect_pem", &pass, _("Enter PEM pass phrase:"));
@@ -887,7 +886,7 @@ static int import_openssl_pem(struct openconnect_info *vpninfo,
 } out: free(key_data);
- free(pass);
+ free_pass(&pass);
 out_enc_key: free(enc_key.data); out_b64:
@@ -1400,7 +1399,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 if (pass) { vpn_progress(vpninfo, PRG_ERR, _("Failed to decrypt PKCS#8 certificate file\n"));
- free(pass);
+ free_pass(&pass);
 } err = request_passphrase(vpninfo, "openconnect_pem", &pass, _("Enter PEM pass phrase:"));
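Review bot: The `free_pass(&pass)` calls introduced here, starting with load_pkcs12_certificate in gnutls.c (@@ -460) and repeated in every later hunk of both files, depend on a helper whose definition is not part of this diff, and neither the commit message nor the call sites state what it guarantees. If its purpose is to scrub the passphrase before release, confirm that the clear cannot be dropped by the compiler as a dead store ahead of `free()`, and that it is as tolerant of a NULL `pass` as the `free()` it replaces, since calls such as the one at the `out:` label in import_openssl_pem are unconditional. A short comment at the first call site, such as `/* free_pass() clears the passphrase, frees it and resets the pointer */`, would record the intent once that is verified. The enclosing functions start and end outside the hunks.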
@@ -1409,7 +1408,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 goto out; } }
- free(pass);
+ free_pass(&pass);
 vpninfo->cert_password = NULL; } else if (!gnutls_x509_privkey_import(key, &fdata, GNUTLS_X509_FMT_DER) || !gnutls_x509_privkey_import_pkcs8(key, &fdata, GNUTLS_X509_FMT_DER,
@@ -1433,7 +1432,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 if (pass) { vpn_progress(vpninfo, PRG_ERR, _("Failed to decrypt PKCS#8 certificate file\n"));
- free(pass);
+ free_pass(&pass);
 } err = request_passphrase(vpninfo, "openconnect_pem", &pass, _("Enter PKCS#8 pass phrase:"));
@@ -1442,7 +1441,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 goto out; } }
- free(pass);
+ free_pass(&pass);
 vpninfo->cert_password = NULL; }
diff --git a/openssl.c b/openssl.c
index fce02674..8a474c5d 100644
--- a/openssl.c
+++ b/openssl.c
@@ -464,12 +464,12 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
 vpn_progress(vpninfo, PRG_ERR, _("PEM password too long (%d >= %d)\n"), plen, len);
- free(pass);
+ free_pass(&pass);
 return -1; } memcpy(buf, pass, plen+1);
- free(pass);
+ free_pass(&pass);
 return plen; }
@@ -532,7 +532,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12
 if (pass) vpn_progress(vpninfo, PRG_ERR, _("Failed to decrypt PKCS#12 certificate file\n"));
- free(pass);
+ free_pass(&pass);
 if (request_passphrase(vpninfo, "openconnect_pkcs12", &pass, _("Enter PKCS#12 pass phrase:")) < 0) { PKCS12_free(p12);
@@ -547,10 +547,10 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12
 vpn_progress(vpninfo, PRG_ERR, _("Parse PKCS#12 failed (see above errors)\n")); PKCS12_free(p12);
- free(pass);
+ free_pass(&pass);
 return -EINVAL; }
- free(pass);
+ free_pass(&pass);
 if (cert) { char buf[200]; vpninfo->cert_x509 = cert;
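Review bot: In openssl.c pem_pw_cb (@@ -464), `memcpy(buf, pass, plen+1);` leaves a second copy of the passphrase in the caller-supplied `buf`, so the `free_pass(&pass)` that follows disposes only of this function's own copy. That is inherent to a password callback, but it deserves a comment so the call is not read as covering the passphrase's whole lifetime, for example `/* buf belongs to the caller; only our own copy is released here */`. Whether the caller clears `buf` after use is not visible in this hunk. The start of pem_pw_cb is outside the hunk.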
@@ -1001,7 +1001,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 if (pass) { vpn_progress(vpninfo, PRG_ERR, _("Failed to decrypt PKCS#8 certificate file\n"));
- free(pass);
+ free_pass(&pass);
 pass = NULL; }
@@ -1014,13 +1014,13 @@ static int load_certificate(struct openconnect_info *vpninfo)
 openconnect_report_ssl_errors(vpninfo); }
- free(pass);
+ free_pass(&pass);
 vpninfo->cert_password = NULL; X509_SIG_free(p8); return -EINVAL; }
- free(pass);
+ free_pass(&pass);
 vpninfo->cert_password = NULL; key = EVP_PKCS82PKEY(p8inf);
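Review bot: In openssl.c load_certificate (@@ -1001), the context line `pass = NULL;` directly after the new `free_pass(&pass);` looks redundant. The gnutls.c import_openssl_pem hunk of this same commit drops exactly that assignment when it switches to free_pass(), which implies the helper already resets the pointer. If so, the line can be removed for consistency, leaving `free_pass(&pass);` followed by the closing brace. free_pass() is defined outside this diff, so confirm it sets the caller's pointer to NULL before deleting the assignment. The enclosing function starts and ends outside the hunk.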