pki: Fix memory leaks in --signcrl if signature scheme is not found
authorTobias Brunner <tobias@strongswan.org>
Tue, 30 Apr 2019 08:25:56 +0000 (10:25 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 30 Apr 2019 08:25:56 +0000 (10:25 +0200)
Fixes: dd4bd21c5a22 ("pki: Query private key for supported signature schemes")

src/pki/commands/signcrl.c

index a399d21..8c234fe 100644 (file)
@@ -416,9 +416,6 @@ static int sign_crl()
                        BUILD_CRL_DISTRIBUTION_POINTS, cdps, BUILD_BASE_CRL, baseCrlNumber,
                        BUILD_END);
        enumerator->destroy(enumerator);
-       lastenum->destroy(lastenum);
-       DESTROY_IF((certificate_t*)lastcrl);
-       free(crl_serial.ptr);
 
        if (!crl)
        {
@@ -442,9 +439,12 @@ error:
        DESTROY_IF(private);
        DESTROY_IF(ca);
        DESTROY_IF(crl);
+       DESTROY_IF(lastenum);
+       DESTROY_IF((certificate_t*)lastcrl);
        signature_params_destroy(scheme);
        free(encoding.ptr);
        free(baseCrlNumber.ptr);
+       free(crl_serial.ptr);
        list->destroy_function(list, (void*)revoked_destroy);
        cdps->destroy_function(cdps, (void*)x509_cdp_destroy);
        if (error)