[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Tue Dec 6 22:01:24 UTC 2016
New commits:
commit 65cdf0070a2cd896556e03c04856b0aa5f87a9a1
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Dec 6 17:00:49 2016 -0500
updated changes
commit 6c7c8b85ff6c8a05d30b0994edc11364c2f0effa
Author: William Rios <wrios at ventusnetworks.com>
Date: Tue Dec 6 16:58:13 2016 -0500
X509: Fix memory leak in certificate handling (lsbz#278)
In get_pluto_gn_from_nss_cert, the call to CERT_GetCertificateNames
allocates memory in cert->arena which would only be freed when
cert->arena is freed. It seems that either cert->arena is never
freed or at least it's not freed for quite a while. The data
from CERT_GetCertificateNames is used almost immediately after by
add_cert_san_pubkeys and then is apparently no longer needed. If a new
arena is used for CERT_GetCertificateNames instead of cert->arena then
it can be freed in add_cert_san_pubkeys after it is no longer needed.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
Note: long term solution is to remove pluto_gn and use the nss fields
directly, as pluto_gn is a relic from pre-NSS times.
More information about the Swan-commit
mailing list