mirror of https://github.com/wolfSSL/wolfssh.git
clean up memory after use
parent
e40e852bc2
commit
6cfbd653ed
|
@ -213,62 +213,67 @@ int wolfSSH_CERTMAN_VerifyCerts_buffer(WOLFSSH_CERTMAN* cm,
|
||||||
cm->heap, DYNTYPE_CERT);
|
cm->heap, DYNTYPE_CERT);
|
||||||
certLen = (word32*)WMALLOC(certsCount * sizeof(word32), cm->heap,
|
certLen = (word32*)WMALLOC(certsCount * sizeof(word32), cm->heap,
|
||||||
DYNTYPE_CERT);
|
DYNTYPE_CERT);
|
||||||
|
if (certLoc == NULL || certLen == NULL) {
|
||||||
|
ret = WS_MEMORY_E;
|
||||||
|
}
|
||||||
|
|
||||||
currentPt = (unsigned char*)certs; /* set initial certificate pointer */
|
if (ret == WS_SUCCESS) {
|
||||||
currentSz = 0;
|
currentPt = (unsigned char*)certs; /* set initial certificate pointer */
|
||||||
|
currentSz = 0;
|
||||||
|
|
||||||
for (idx = 0; idx < (int)certsCount; idx++) {
|
for (idx = 0; idx < (int)certsCount; idx++) {
|
||||||
word32 sz = 0;
|
word32 sz = 0;
|
||||||
certLoc[idx] = currentPt;
|
certLoc[idx] = currentPt;
|
||||||
|
|
||||||
/* get the size of the certificate from first sequence */
|
/* get the size of the certificate from first sequence */
|
||||||
if (currentSz + MAX_SEQ_SZ >= certSz) {
|
if (currentSz + MAX_SEQ_SZ >= certSz) {
|
||||||
ret = WS_BUFFER_E;
|
ret = WS_BUFFER_E;
|
||||||
break;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
/* at this point there is at least 5 bytes in currentPt */
|
|
||||||
if (currentPt[sz] != (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
|
|
||||||
WLOG(WS_LOG_CERTMAN, "no cert sequence to get length from");
|
|
||||||
ret = ASN_PARSE_E;
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
sz++;
|
else {
|
||||||
|
/* at this point there is at least 5 bytes in currentPt */
|
||||||
|
if (currentPt[sz] != (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
|
||||||
|
WLOG(WS_LOG_CERTMAN, "no cert sequence to get length from");
|
||||||
|
ret = ASN_PARSE_E;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
sz++;
|
||||||
|
|
||||||
if (ret == WS_SUCCESS) {
|
if (ret == WS_SUCCESS) {
|
||||||
if (currentPt[sz] >= ASN_LONG_LENGTH) {
|
if (currentPt[sz] >= ASN_LONG_LENGTH) {
|
||||||
word32 bytes = currentPt[sz++] & 0x7F;
|
word32 bytes = currentPt[sz++] & 0x7F;
|
||||||
if (bytes > MAX_LENGTH_SZ) {
|
if (bytes > MAX_LENGTH_SZ) {
|
||||||
WLOG(WS_LOG_CERTMAN, "length found is too large!");
|
WLOG(WS_LOG_CERTMAN, "length found is too large!");
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
byte b;
|
byte b;
|
||||||
certLen[idx] = 0;
|
certLen[idx] = 0;
|
||||||
for (; bytes > 0; bytes--) {
|
for (; bytes > 0; bytes--) {
|
||||||
b = currentPt[sz++];
|
b = currentPt[sz++];
|
||||||
certLen[idx] = (certLen[idx] << 8) | b;
|
certLen[idx] = (certLen[idx] << 8) | b;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
certLen[idx] = (word32)currentPt[sz++];
|
||||||
|
}
|
||||||
|
sz += certLen[idx];
|
||||||
|
certLen[idx] = sz; /* update size to contain sequence */
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
certLen[idx] = (word32)currentPt[sz++];
|
|
||||||
}
|
|
||||||
sz += certLen[idx];
|
|
||||||
certLen[idx] = sz; /* update size to contain first sequence */
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* advance current pointer and update current total size */
|
/* advance current pointer and update current total size */
|
||||||
if (ret == WS_SUCCESS) {
|
if (ret == WS_SUCCESS) {
|
||||||
if (currentSz + sz > certSz) {
|
if (currentSz + sz > certSz) {
|
||||||
WLOG(WS_LOG_CERTMAN, "cert found is too large!");
|
WLOG(WS_LOG_CERTMAN, "cert found is too large!");
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
currentSz += sz;
|
||||||
|
currentPt += sz;
|
||||||
}
|
}
|
||||||
currentSz += sz;
|
|
||||||
currentPt += sz;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
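Review bot: `sz += certLen[idx];` adds a length decoded straight from the buffer to a word32 with no bound, so a hostile length (up to MAX_LENGTH_SZ bytes, i.e. the full 32-bit range if that constant is 4 as in wolfSSL) wraps `sz` to a small value, the following `currentSz + sz > certSz` check passes, and certLen[idx] records a bogus size. Guarding before the addition closes it: `if (certLen[idx] > certSz - currentSz) { ret = ASN_PARSE_E; break; }` (currentSz < certSz already holds there because of the MAX_SEQ_SZ check). The new NULL check on the two WMALLOC results is the right fix for the unchecked allocations, though `certsCount * sizeof(word32)` itself is not overflow-checked and certsCount's origin is above the hunk. wolfSSH_CERTMAN_VerifyCerts_buffer starts before this hunk and continues past it.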
@ -356,6 +361,10 @@ int wolfSSH_CERTMAN_VerifyCerts_buffer(WOLFSSH_CERTMAN* cm,
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSH_NO_FPKI */
|
#endif /* WOLFSSH_NO_FPKI */
|
||||||
|
|
||||||
|
if (certLoc != NULL)
|
||||||
|
WFREE(certLoc, cm->heap, DYNTYPE_CERT);
|
||||||
|
if (certLen != NULL)
|
||||||
|
WFREE(certLen, cm->heap, DYNTYPE_CERT);
|
||||||
WLOG_LEAVE(ret);
|
WLOG_LEAVE(ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
|
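Review bot: The two new frees run on every exit path of wolfSSH_CERTMAN_VerifyCerts_buffer, including any return taken before the WMALLOC calls, so certLoc and certLen must be initialised to NULL at their declarations, which are above this hunk and not visible here; otherwise an early failure hands an indeterminate pointer to WFREE. If WFREE resolves to plain free() the `!= NULL` guards are redundant, but they are harmless if the allocator hook may not accept NULL. Style: bracing the single-statement ifs, `if (certLoc != NULL) { WFREE(certLoc, cm->heap, DYNTYPE_CERT); }`, keeps them safe under later edits.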
@ -568,6 +568,9 @@ void CtxResourceFree(WOLFSSH_CTX* ctx)
|
||||||
if (ctx->certMan) {
|
if (ctx->certMan) {
|
||||||
wolfSSH_CERTMAN_free(ctx->certMan);
|
wolfSSH_CERTMAN_free(ctx->certMan);
|
||||||
}
|
}
|
||||||
|
if (ctx->cert) {
|
||||||
|
WFREE(ctx->cert, ctx->heap, DYNTYPE_CERT);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
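Review bot: After `WFREE(ctx->cert, ctx->heap, DYNTYPE_CERT);` the pointer is left dangling; clearing it with `ctx->cert = NULL; ctx->certSz = 0;` makes a repeated CtxResourceFree, or any later use of the ctx before it is released, a no-op rather than a double free. This free uses DYNTYPE_CERT while the corresponding free in wolfSSH_ProcessBuffer (the -838 hunk below) now uses the caller's dynamicType; if a memory-tracking build keys on the type argument, both should match whatever type ctx->cert was allocated under. CtxResourceFree's body begins above this hunk.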
@ -838,7 +841,7 @@ int wolfSSH_ProcessBuffer(WOLFSSH_CTX* ctx,
|
||||||
#ifdef WOLFSSH_CERTS
|
#ifdef WOLFSSH_CERTS
|
||||||
else if (type == BUFTYPE_CERT) {
|
else if (type == BUFTYPE_CERT) {
|
||||||
if (ctx->cert != NULL)
|
if (ctx->cert != NULL)
|
||||||
WFREE(ctx->cert, heap, 0);
|
WFREE(ctx->cert, heap, dynamicType);
|
||||||
ctx->cert = der;
|
ctx->cert = der;
|
||||||
ctx->certSz = derSz;
|
ctx->certSz = derSz;
|
||||||
ctx->useCert = 1;
|
ctx->useCert = 1;
|
||||||
|
|