Commit cdc1cc22 authored by Steve Holme's avatar Steve Holme

vtls: Don't set cert info count until memory allocation is successful

Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
member variable to the requested count, which could then be used
incorrectly as libcurl closes down.
parent fe43a662
+6 −2
@@ -593,12 +593,14 @@ void Curl_ssl_free_certinfo(struct SessionHandle *data)
{
  int i;
  struct curl_certinfo *ci = &data->info.certs;

  if(ci->num_of_certs) {
    /* free all individual lists used */
    for(i=0; i<ci->num_of_certs; i++) {
      curl_slist_free_all(ci->certinfo[i]);
      ci->certinfo[i] = NULL;
    }

    free(ci->certinfo); /* free the actual array too */
    ci->certinfo = NULL;
    ci->num_of_certs = 0;
@@ -610,13 +612,15 @@ CURLcode Curl_ssl_init_certinfo(struct SessionHandle *data, int num)
  struct curl_certinfo *ci = &data->info.certs;
  struct curl_slist **table;

  /* Initialize the certificate information structures */
  /* Free any previous certificate information structures */
  Curl_ssl_free_certinfo(data);
  ci->num_of_certs = num;

  /* Allocate the required certificate information structures */
  table = calloc((size_t) num, sizeof(struct curl_slist *));
  if(!table)
    return CURLE_OUT_OF_MEMORY;

  ci->num_of_certs = num;
  ci->certinfo = table;

  return CURLE_OK;
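Review bot: In Curl_ssl_init_certinfo, `num` is still cast to `size_t` and passed to `calloc` with no range check. With `num == 0`, `calloc` may return NULL, which is reported here as CURLE_OUT_OF_MEMORY, or a non-NULL pointer that Curl_ssl_free_certinfo in the first hunk never releases, because it frees `ci->certinfo` only inside `if(ci->num_of_certs)`. A negative `num` turns into a very large element count after the cast. Whether any caller passes such values is not visible here, but a guard right after the `Curl_ssl_free_certinfo(data);` call, such as `if(num <= 0) return num ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;`, would make the contract explicit. Both function bodies extend beyond the lines shown.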