luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vtls: avoid memory leak if sha256 call fails

Browse Source 
... in the pinned public key handling function.

Reported-by: lizhuang0630 on github
Fixes #11306
Closes #11307
This commit is contained in:
Daniel Stenberg 2023-06-12 14:10:37 +02:00
parent fdfc2bb6be
commit a4a5e438ae
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/vtls/vtls.c
View File

@ -907,14 +907,12 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
if(!sha256sumdigest) if(!sha256sumdigest)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
encode = Curl_ssl->sha256sum(pubkey, pubkeylen, encode = Curl_ssl->sha256sum(pubkey, pubkeylen,
sha256sumdigest, CURL_SHA256_DIGEST_LENGTH); sha256sumdigest, CURL_SHA256_DIGEST_LENGTH);
if(encode != CURLE_OK) if(!encode)
return encode; encode = Curl_base64_encode((char *)sha256sumdigest,
CURL_SHA256_DIGEST_LENGTH, &encoded,
encode = Curl_base64_encode((char *)sha256sumdigest, &encodedlen);
CURL_SHA256_DIGEST_LENGTH, &encoded,
&encodedlen);
Curl_safefree(sha256sumdigest); Curl_safefree(sha256sumdigest);
if(encode) if(encode)