ipseckey: Properly free enumerated certificates
authorTobias Brunner <tobias@strongswan.org>
Tue, 13 Sep 2016 12:19:59 +0000 (14:19 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Sep 2016 13:36:15 +0000 (15:36 +0200)
src/libcharon/plugins/ipseckey/ipseckey_cred.c

index 6f85994..ff50d8a 100644 (file)
@@ -57,6 +57,8 @@ typedef struct {
        time_t notAfter;
        /* identity to which the IPSECKEY belongs */
        identification_t *identity;
+       /** most recently enumerated certificate */
+       certificate_t *cert;
 } cert_enumerator_t;
 
 METHOD(enumerator_t, cert_enumerator_enumerate, bool,
@@ -91,28 +93,27 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
                public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
                                                                        BUILD_BLOB_DNSKEY, key,
                                                                        BUILD_END);
+               cur_ipseckey->destroy(cur_ipseckey);
                if (!public)
                {
                        DBG1(DBG_CFG, "  failed to create public key from IPSECKEY");
-                       cur_ipseckey->destroy(cur_ipseckey);
                        continue;
                }
-
-               *cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
-                                                                  CERT_TRUSTED_PUBKEY,
-                                                                  BUILD_PUBLIC_KEY, public,
-                                                                  BUILD_SUBJECT, this->identity,
-                                                                  BUILD_NOT_BEFORE_TIME, this->notBefore,
-                                                                  BUILD_NOT_AFTER_TIME, this->notAfter,
-                                                                  BUILD_END);
+               DESTROY_IF(this->cert);
+               this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+                                                                               CERT_TRUSTED_PUBKEY,
+                                                                               BUILD_PUBLIC_KEY, public,
+                                                                               BUILD_SUBJECT, this->identity,
+                                                                               BUILD_NOT_BEFORE_TIME, this->notBefore,
+                                                                               BUILD_NOT_AFTER_TIME, this->notAfter,
+                                                                               BUILD_END);
                public->destroy(public);
-               if (*cert == NULL)
+               if (!this->cert)
                {
                        DBG1(DBG_CFG, "  failed to create certificate from IPSECKEY");
-                       cur_ipseckey->destroy(cur_ipseckey);
                        continue;
                }
-               cur_ipseckey->destroy(cur_ipseckey);
+               *cert = this->cert;
                return TRUE;
        }
        return FALSE;
@@ -121,6 +122,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 METHOD(enumerator_t, cert_enumerator_destroy, void,
        cert_enumerator_t *this)
 {
+       DESTROY_IF(this->cert);
        this->inner->destroy(this->inner);
        this->response->destroy(this->response);
        free(this);