luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "x509asn1: avoid freeing unallocated pointers"

Browse Source 
This reverts commit 6b19247e79.

Fixes #10163
Closes #10207
This commit is contained in:
Daniel Stenberg 2023-01-02 16:42:55 +01:00
parent e6002e9012
commit 4fc7737742
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/vtls/x509asn1.c
View File

@ -1348,15 +1348,14 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf,
break; break;
switch(name.tag) { switch(name.tag) {
case 2: /* DNS name. */ case 2: /* DNS name. */
matched = 0;
len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING, len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING,
name.beg, name.end); name.beg, name.end);
if(len > 0) { if(len > 0 && (size_t)len == strlen(dnsname))
if(size_t)len == strlen(dnsname) matched = Curl_cert_hostcheck(dnsname, (size_t)len,
matched = Curl_cert_hostcheck(dnsname, (size_t)len, connssl->hostname, hostlen);
connssl->hostname, hostlen); else
free(dnsname); matched = 0;
} free(dnsname);
break; break;
case 7: /* IP address. */ case 7: /* IP address. */
@ -1406,8 +1405,10 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf,
failf(data, "SSL: unable to obtain common name from peer certificate"); failf(data, "SSL: unable to obtain common name from peer certificate");
else { else {
len = utf8asn1str(&dnsname, elem.tag, elem.beg, elem.end); len = utf8asn1str(&dnsname, elem.tag, elem.beg, elem.end);
if(len < 0) if(len < 0) {
free(dnsname);
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
}
if(strlen(dnsname) != (size_t) len) /* Nul byte in string ? */ if(strlen(dnsname) != (size_t) len) /* Nul byte in string ? */
failf(data, "SSL: illegal cert name field"); failf(data, "SSL: illegal cert name field");
else if(Curl_cert_hostcheck((const char *) dnsname, else if(Curl_cert_hostcheck((const char *) dnsname,