aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/libstrongswan/credentials/containers/pkcs7.h5
-rw-r--r--src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c2
-rw-r--r--src/pki/commands/pkcs7.c1
-rw-r--r--src/scepclient/scep.c3
4 files changed, 9 insertions, 2 deletions
diff --git a/src/libstrongswan/credentials/containers/pkcs7.h b/src/libstrongswan/credentials/containers/pkcs7.h
index d79650e74..d42d82b0b 100644
--- a/src/libstrongswan/credentials/containers/pkcs7.h
+++ b/src/libstrongswan/credentials/containers/pkcs7.h
@@ -41,9 +41,12 @@ struct pkcs7_t {
* To select the signerInfo structure to get the attribute from, pass
* the enumerator position from container_t.create_signature_enumerator().
*
+ * The attribute returned does not contain type information and must be
+ * freed after use.
+ *
* @param oid OID from the attribute to get
* @param enumerator enumerator to select signerInfo
- * @param value chunk receiving attribute value, internal data
+ * @param value chunk receiving attribute value, allocated
* @return TRUE if attribute found
*/
bool (*get_attribute)(pkcs7_t *this, int oid, enumerator_t *enumerator,
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
index 4c963ab82..2ef97084f 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
@@ -323,7 +323,7 @@ METHOD(pkcs7_t, get_attribute, bool,
chunk = e->info->attributes->get_attribute(e->info->attributes, oid);
if (chunk.len)
{
- *value = chunk;
+ *value = chunk_clone(chunk);
return TRUE;
}
}
diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c
index d5bee759f..3d53ace00 100644
--- a/src/pki/commands/pkcs7.c
+++ b/src/pki/commands/pkcs7.c
@@ -114,6 +114,7 @@ static int verify(chunk_t chunk)
{
fprintf(stderr, " at %T", &t, FALSE);
}
+ free(data.ptr);
}
fprintf(stderr, "\n");
}
diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c
index faaac8851..62b244efd 100644
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@@ -85,6 +85,7 @@ void extract_attributes(pkcs7_t *pkcs7, enumerator_t *enumerator,
}
}
DBG2(DBG_APP, "messageType: %s", msgType_names[attrs->msgType]);
+ free(attr.ptr);
}
if (pkcs7->get_attribute(pkcs7, OID_PKI_STATUS, enumerator, &attr))
{
@@ -98,6 +99,7 @@ void extract_attributes(pkcs7_t *pkcs7, enumerator_t *enumerator,
}
}
DBG2(DBG_APP, "pkiStatus: %s", pkiStatus_names[attrs->pkiStatus]);
+ free(attr.ptr);
}
if (pkcs7->get_attribute(pkcs7, OID_PKI_FAIL_INFO, enumerator, &attr))
{
@@ -109,6 +111,7 @@ void extract_attributes(pkcs7_t *pkcs7, enumerator_t *enumerator,
{
DBG1(DBG_APP, "failInfo: %s", failInfo_reasons[attrs->failInfo]);
}
+ free(attr.ptr);
}
pkcs7->get_attribute(pkcs7, OID_PKI_SENDER_NONCE, enumerator,
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-06 16:34:35 +0000