rsa: fix memleak and accept keys from certain PKCS#12 files
The "bag" was not deallocated when the key is successfully loaded. Parse all bag elements rather than clearing the bag after the first iteration (this restores previous behavior). Change-Id: Ib52da6586f7435d18fa5b0660e7771436544b634 Fixes: v2.5.0rc0-613-gf63b68f707 ("Further cleanups.") Reviewed-on: https://code.wireshark.org/review/26481 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit is contained in:
parent
af8ac43a1f
commit
ca9976bec9
19
wsutil/rsa.c
19
wsutil/rsa.c
|
@ -179,6 +179,7 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
int rest;
|
||||
unsigned char *p;
|
||||
gnutls_datum_t data;
|
||||
gnutls_pkcs12_bag_t bag = NULL;
|
||||
size_t len;
|
||||
|
||||
gnutls_pkcs12_t rsa_p12 = NULL;
|
||||
|
@ -232,7 +233,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
|
||||
/* TODO: Use gnutls_pkcs12_simple_parse, since 3.1.0 (August 2012) */
|
||||
for (i=0; ; i++) {
|
||||
gnutls_pkcs12_bag_t bag;
|
||||
gnutls_pkcs12_bag_type_t bag_type;
|
||||
|
||||
ret = gnutls_pkcs12_bag_init(&bag);
|
||||
|
@ -246,7 +246,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
if (ret < 0) {
|
||||
*err = g_strdup_printf("gnutls_pkcs12_get_bag failed: %s",
|
||||
gnutls_strerror(ret));
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -256,14 +255,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
if (ret < 0) {
|
||||
*err = g_strdup_printf("gnutls_pkcs12_bag_get_type failed: %s",
|
||||
gnutls_strerror(ret));
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
bag_type = (gnutls_pkcs12_bag_type_t)ret;
|
||||
if (bag_type >= GNUTLS_BAG_UNKNOWN) {
|
||||
*err = g_strdup_printf("gnutls_pkcs12_bag_get_type returnd unknown bag type %u",
|
||||
ret);
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
g_log(NULL, G_LOG_LEVEL_INFO, "Bag %d/%d: %s\n", i, j, BAGTYPE(bag_type));
|
||||
|
@ -274,14 +271,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
if (ret < 0) {
|
||||
*err = g_strdup_printf("gnutls_pkcs12_bag_get_type failed: %s",
|
||||
gnutls_strerror(ret));
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
bag_type = (gnutls_pkcs12_bag_type_t)ret;
|
||||
if (bag_type >= GNUTLS_BAG_UNKNOWN) {
|
||||
*err = g_strdup_printf("gnutls_pkcs12_bag_get_type returnd unknown bag type %u",
|
||||
ret);
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
g_log(NULL, G_LOG_LEVEL_INFO, "Bag %d/%d decrypted: %s\n", i, j, BAGTYPE(bag_type));
|
||||
|
@ -292,7 +287,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
if (ret < 0) {
|
||||
*err = g_strdup_printf("gnutls_pkcs12_bag_get_data failed: %s",
|
||||
gnutls_strerror(ret));
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -306,7 +300,6 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
ret = gnutls_x509_privkey_init(&rsa_pkey);
|
||||
if (ret < 0) {
|
||||
*err = g_strdup_printf("gnutls_x509_privkey_init failed: %s", gnutls_strerror(ret));
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
ret = gnutls_x509_privkey_import_pkcs8(rsa_pkey, &data, GNUTLS_X509_FMT_DER, cert_passwd,
|
||||
|
@ -314,14 +307,12 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
if (ret < 0) {
|
||||
*err = g_strdup_printf("Can not decrypt private key - %s", gnutls_strerror(ret));
|
||||
gnutls_x509_privkey_deinit(rsa_pkey);
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (gnutls_x509_privkey_get_pk_algorithm(rsa_pkey) != GNUTLS_PK_RSA) {
|
||||
*err = g_strdup("private key public key algorithm isn't RSA");
|
||||
gnutls_x509_privkey_deinit(rsa_pkey);
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -333,12 +324,16 @@ rsa_load_pkcs12(FILE *fp, const gchar *cert_passwd, char **err)
|
|||
|
||||
default: ;
|
||||
}
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
bag = NULL;
|
||||
} /* j */
|
||||
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
bag = NULL;
|
||||
} /* i */
|
||||
|
||||
done:
|
||||
if (bag) {
|
||||
gnutls_pkcs12_bag_deinit(bag);
|
||||
}
|
||||
if (!priv_key) {
|
||||
/*
|
||||
* We failed. If we didn't fail with an error, we failed because
|
||||
|
|
Loading…
Reference in New Issue