author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-07-10 22:17:58 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-07-15 11:05:26 -0400 |
commit | 04444a2606e3db92e66d74e29bef9103452f2cee (patch) | |
tree | a749a4094addb41d60d0bea927185604bddba3ed /src/plugins | |
parent | 40d61fe580a57d63987c4e2b8eecd9f0ed1f1189 (diff) | |
Don't leak PKINIT CMS signed data certs and CRLs
The stacks of certificates and CRLs that we retrieve from CMS objects
include newly-owned references to the certificates and CRLs, so when we
go to free them, we need to remember to free those.
[ghudson@mit.edu: minor formatting change; removed unrelated style fix]
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index ae4efc343..29c4f5755 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -177,8 +177,10 @@ pkinit_pkcs11_code_to_text(int err);
 #include <openssl/cms.h>
 #define pkinit_CMS_get0_content_signed(_cms) CMS_get0_content(_cms)
 #define pkinit_CMS_get0_content_data(_cms) CMS_get0_content(_cms)
-#define pkinit_CMS_free1_crls(_sk_x509crl) sk_X509_CRL_free((_sk_x509crl))
-#define pkinit_CMS_free1_certs(_sk_x509) sk_X509_free((_sk_x509))
+#define pkinit_CMS_free1_crls(_sk_x509crl) \
+ sk_X509_CRL_pop_free((_sk_x509crl), X509_CRL_free)
+#define pkinit_CMS_free1_certs(_sk_x509) \
+ sk_X509_pop_free((_sk_x509), X509_free)
 #define pkinit_CMS_SignerInfo_get_cert(_cms,_si,_x509_pp) \
 CMS_SignerInfo_get0_algs(_si,NULL,_x509_pp,NULL,NULL)
 #else |
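Review bot: The two `free1` macros now release every element as well as the stack, so they are only safe on stacks whose elements each carry their own reference, and nothing at the definition states that contract. A comment above them such as `/* Stacks returned by the CMS get1 calls own a reference to each cert/CRL; free1 drops those references and the stack. */` would keep a later caller from passing a stack of borrowed pointers, which would turn this leak fix into a double free. The callers are outside this hunk, so it is worth confirming that none keeps an X509 or X509_CRL pointer taken from the stack past the free1 call without taking its own reference, and that the macros of the same name in the `#else` branch still match the ownership of what their getters return.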