From: Tom Carroll
Date: Mon, 17 May 2021 17:08:29 +0000 (-0700)
Subject: Check gnutls_pubkey_init return code.
X-Git-Tag: v8.20~179
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=98f90f2f596502520f1bd3e959c9978d81c04777;p=users%2Fdwmw2%2Fopenconnect.git
Check gnutls_pubkey_init return code.
gnutls_pubkey_import_x509 doesn't verify if pubkey == NULL.
Signed-off-by: Tom Carroll
---
diff --git a/gnutls.c b/gnutls.c
index e2e21334..9b08047f 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -1583,11 +1583,12 @@ static int load_certificate(struct openconnect_info *vpninfo, struct cert_info *
 /* If extra_certs[] is NULL, we have one candidate in 'cert' to check. */
 for (j = 0; j < (extra_certs ? nr_extra_certs : 1); j++) {
- gnutls_pubkey_t pubkey;
+ gnutls_pubkey_t pubkey = NULL;
- gnutls_pubkey_init(&pubkey);
- err = gnutls_pubkey_import_x509(pubkey, extra_certs ? extra_certs[j] : cert, 0);
- if (err) {
+ err = gnutls_pubkey_init(&pubkey);
+ if (err >= 0)
+ err = gnutls_pubkey_import_x509(pubkey, extra_certs ? extra_certs[j] : cert, 0);
+ if (err < 0) {
 vpn_progress(vpninfo, PRG_ERR,
 _("Error validating signature against certificate: %s\n"),
 gnutls_strerror(err));
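Review bot: At `if (err < 0)`, a failed `gnutls_pubkey_init()` is now reported through the same "Error validating signature against certificate" message as a failed import, so an allocation failure will read in the log as a problem with the candidate certificate. A separate message for the init failure, or at least a comment above `if (err >= 0)` such as `/* gnutls_pubkey_import_x509() does not check for a NULL key; only import if init succeeded */`, would keep the reason for the guard and the diagnostics clear. The rest of the error branch is outside the hunk; if it releases `pubkey`, it will now see NULL after a failed init, which is presumably why the declaration gained `= NULL`, and that is worth confirming against the cleanup call used there.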