From 9800f8df3718d5f951e33e5a208e63824bb090cf Mon Sep 17 00:00:00 2001 From: Tristan Matthews <tristan.matthews@savoirfairelinux.com> Date: Fri, 11 Jul 2014 15:57:38 -0400 Subject: [PATCH] tls: fix broken error handling We shouldn't call gnu_tls_global_deinit() if gnu_tls_global_init() hasn't been called, and we especially shouldn't call gnutls_x509_privkey_deinit on an uninitialized key. Refs #51340 Change-Id: I0d4a9dd3814e76f78d511d9fa5447308d6733291 --- daemon/src/sip/tlsvalidation.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/daemon/src/sip/tlsvalidation.c b/daemon/src/sip/tlsvalidation.c index 8800ed81c0..3306f0b23b 100644 --- a/daemon/src/sip/tlsvalidation.c +++ b/daemon/src/sip/tlsvalidation.c @@ -293,13 +293,16 @@ int containsPrivateKey(const char *pemPath) err = gnutls_global_init(); if (err != GNUTLS_E_SUCCESS) { ERROR("Could not init GnuTLS - %s", gnutls_strerror(err)); - goto out; + free(dt.data); + return res; } err = gnutls_x509_privkey_init(&key); if (err != GNUTLS_E_SUCCESS) { ERROR("Could not init key - %s", gnutls_strerror(err)); - goto out; + free(dt.data); + gnutls_global_deinit(); + return res; } err = gnutls_x509_privkey_import(key, &dt, GNUTLS_X509_FMT_PEM); -- GitLab