bugfix: potential abort after reading invalid X.509 certificate

closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290

Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>

2 files changed, 10 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index b28bfbee..f708c821 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,13 @@
 ---------------------------------------------------------------------------
-Version 4.8.1  [v4-beta], 2011-09-??
+Version 4.8.1  [v4-stable], 2011-09-??
 - bugfix: $ActionExecOnlyOnce interval did not work properly
   Thanks to Tomas Heinrich for the patch
 - bugfix: potential abort if ultra-large file io buffers are used and
   dynafile cache exhausts address space (primarily a problem on 32 bit
   platforms)
+- bugfix: potential abort after reading invalid X.509 certificate
+  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
+  Thanks to Tomas Heinrich for the patch
 ---------------------------------------------------------------------------
 Version 4.8.0  [v4-stable] (rgerhards), 2011-09-07
 ***************************************************************************
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index e1dcf870..ee78488a 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -201,10 +201,14 @@ finalize_it:
 	if(iRet != RS_RET_OK) {
 		if(data.data != NULL)
 			free(data.data);
-		if(pThis->bOurCertIsInit)
+		if(pThis->bOurCertIsInit) {
 			gnutls_x509_crt_deinit(pThis->ourCert);
-		if(pThis->bOurKeyIsInit)
+			pThis->bOurCertIsInit = 0;
+		}
+		if(pThis->bOurKeyIsInit) {
 			gnutls_x509_privkey_deinit(pThis->ourKey);
+			pThis->bOurKeyIsInit = 0;
+		}
 	}
 	RETiRet;
 }