Make sure each value in a GHashTable is unique. This avoids a
double-free bug triggered by using the "any" address wildcard. Use g_malloc0 instead of zeroing elements by hand. Check for SSL_FAST the same way everywhere. svn path=/trunk/; revision=40365
This commit is contained in:
parent
c7db6a5d4d
commit
19e493c049
|
@ -2405,7 +2405,7 @@ ssl_privkey_to_sexp(struct gnutls_x509_privkey_int* priv_key)
|
|||
{
|
||||
gnutls_datum_t rsa_datum[RSA_PARS]; /* m, e, d, p, q, u */
|
||||
size_t tmp_size;
|
||||
gcry_sexp_t rsa_priv_key;
|
||||
gcry_sexp_t rsa_priv_key = NULL;
|
||||
gint major, minor, patch;
|
||||
gint i, p_idx, q_idx;
|
||||
int ret;
|
||||
|
@ -2486,7 +2486,7 @@ ssl_privkey_to_sexp(struct gnutls_x509_privkey_int* priv_key)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
#if SSL_FAST
|
||||
#ifdef SSL_FAST
|
||||
return rsa_params;
|
||||
#else
|
||||
for (i=0; i< 6; i++)
|
||||
|
@ -2508,10 +2508,7 @@ ssl_load_key(FILE* fp)
|
|||
gint size;
|
||||
guint bytes;
|
||||
|
||||
Ssl_private_key_t *private_key = g_malloc(sizeof(Ssl_private_key_t));
|
||||
private_key->x509_cert = 0;
|
||||
private_key->x509_pkey = 0;
|
||||
private_key->sexp_pkey = 0;
|
||||
Ssl_private_key_t *private_key = g_malloc0(sizeof(Ssl_private_key_t));
|
||||
|
||||
/* init private key data*/
|
||||
gnutls_x509_privkey_init(&priv_key);
|
||||
|
@ -2601,10 +2598,7 @@ ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd) {
|
|||
gnutls_x509_crt_t ssl_cert = NULL;
|
||||
gnutls_x509_privkey_t ssl_pkey = NULL;
|
||||
|
||||
Ssl_private_key_t *private_key = g_malloc(sizeof(Ssl_private_key_t));
|
||||
private_key->x509_cert = 0;
|
||||
private_key->x509_pkey = 0;
|
||||
private_key->sexp_pkey = 0;
|
||||
Ssl_private_key_t *private_key = g_malloc0(sizeof(Ssl_private_key_t));
|
||||
|
||||
rest = 4096;
|
||||
data.data = g_malloc(rest);
|
||||
|
@ -2747,7 +2741,7 @@ ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd) {
|
|||
|
||||
void ssl_free_key(Ssl_private_key_t* key)
|
||||
{
|
||||
#if SSL_FAST
|
||||
#ifdef SSL_FAST
|
||||
gint i;
|
||||
for (i=0; i< 6; i++)
|
||||
gcry_mpi_release(key->sexp_pkey[i]);
|
||||
|
@ -3252,19 +3246,6 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
|
|||
return;
|
||||
}
|
||||
|
||||
if ((gint)strlen(uats->password) == 0) {
|
||||
private_key = ssl_load_key(fp);
|
||||
} else {
|
||||
private_key = ssl_load_pkcs12(fp, uats->password);
|
||||
}
|
||||
|
||||
fclose(fp);
|
||||
|
||||
if (!private_key) {
|
||||
fprintf(stderr,"Can't load private key from %s\n", uats->keyfile);
|
||||
return;
|
||||
}
|
||||
|
||||
for (at = 0; at < 2; at++) {
|
||||
memset(addr_data, 0, sizeof(addr_data));
|
||||
addr_len = 0;
|
||||
|
@ -3289,6 +3270,18 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
|
|||
continue;
|
||||
}
|
||||
|
||||
if ((gint)strlen(uats->password) == 0) {
|
||||
private_key = ssl_load_key(fp);
|
||||
} else {
|
||||
private_key = ssl_load_pkcs12(fp, uats->password);
|
||||
}
|
||||
|
||||
if (!private_key) {
|
||||
fprintf(stderr,"Can't load private key from %s\n", uats->keyfile);
|
||||
fclose(fp);
|
||||
return;
|
||||
}
|
||||
|
||||
service = g_malloc(sizeof(SslService) + addr_len);
|
||||
service->addr.type = addr_type[at];
|
||||
service->addr.len = addr_len;
|
||||
|
@ -3318,6 +3311,8 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
|
|||
|
||||
ssl_association_add(associations, handle, service->port, uats->protocol, tcp, TRUE);
|
||||
}
|
||||
|
||||
fclose(fp);
|
||||
}
|
||||
|
||||
/* store master secret into session data cache */
|
||||
|
|
Loading…
Reference in New Issue