authorTobias Brunner <tobias@strongswan.org>2016-09-13 14:19:59 +0200
committerTobias Brunner <tobias@strongswan.org>2016-09-20 15:36:15 +0200
commit0b4ba9c53d43b2aa1668af537308b657c600f9ba (patch)
tree4ba1e12f06fce2db93097c06e467fda43f6ee987 /src
parentc0c14af8c26117f4877be9f808517fe3fb9b0bff (diff)
ipseckey: Properly free enumerated certificates
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/ipseckey/ipseckey_cred.c26
1 files changed, 14 insertions, 12 deletions
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
index 6f85994a2..ff50d8a17 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
@@ -57,6 +57,8 @@ typedef struct {
time_t notAfter;
/* identity to which the IPSECKEY belongs */
identification_t *identity;
+ /** most recently enumerated certificate */
+ certificate_t *cert;
} cert_enumerator_t;
METHOD(enumerator_t, cert_enumerator_enumerate, bool,
@@ -91,28 +93,27 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
BUILD_BLOB_DNSKEY, key,
BUILD_END);
+ cur_ipseckey->destroy(cur_ipseckey);
if (!public)
{
DBG1(DBG_CFG, " failed to create public key from IPSECKEY");
- cur_ipseckey->destroy(cur_ipseckey);
continue;
}
-
- *cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
- CERT_TRUSTED_PUBKEY,
- BUILD_PUBLIC_KEY, public,
- BUILD_SUBJECT, this->identity,
- BUILD_NOT_BEFORE_TIME, this->notBefore,
- BUILD_NOT_AFTER_TIME, this->notAfter,
- BUILD_END);
+ DESTROY_IF(this->cert);
+ this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_TRUSTED_PUBKEY,
+ BUILD_PUBLIC_KEY, public,
+ BUILD_SUBJECT, this->identity,
+ BUILD_NOT_BEFORE_TIME, this->notBefore,
+ BUILD_NOT_AFTER_TIME, this->notAfter,
+ BUILD_END);
public->destroy(public);
- if (*cert == NULL)
+ if (!this->cert)
{
DBG1(DBG_CFG, " failed to create certificate from IPSECKEY");
- cur_ipseckey->destroy(cur_ipseckey);
continue;
}
- cur_ipseckey->destroy(cur_ipseckey);
+ *cert = this->cert;
return TRUE;
}
return FALSE;
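Review bot: The pointer handed out through `*cert = this->cert;` is now owned by the enumerator and is released by `DESTROY_IF(this->cert)` on the next `enumerate()` call or in `cert_enumerator_destroy`, so a consumer that keeps it beyond the current iteration without taking its own reference would hold a dangling pointer. The callers are not visible in this diff, so this should be confirmed against them. The contract is worth stating where the field is declared in the first hunk, e.g. `/** most recently enumerated certificate, owned by the enumerator and valid only until the next enumerate() or destroy() */`. The body of `cert_enumerator_enumerate` starts and ends outside the hunk.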
@@ -121,6 +122,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
METHOD(enumerator_t, cert_enumerator_destroy, void,
cert_enumerator_t *this)
{
+ DESTROY_IF(this->cert);
this->inner->destroy(this->inner);
this->response->destroy(this->response);
free(this);
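Review bot: `DESTROY_IF(this->cert);` here, like the same call added in `cert_enumerator_enumerate`, is only safe if `cert` is NULL when the enumerator is created, and the code that allocates `cert_enumerator_t` is not part of this diff. If the object is allocated through a zero-initialising helper this already holds; otherwise the allocation site should set `cert` to NULL explicitly. Without that, an enumerator destroyed before its first successful `enumerate()` would pass an indeterminate pointer to the destructor. The closing brace of the function lies outside the hunk.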