From 9800f8df3718d5f951e33e5a208e63824bb090cf Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tristan.matthews@savoirfairelinux.com>
Date: Fri, 11 Jul 2014 15:57:38 -0400
Subject: [PATCH] tls: fix broken error handling

We shouldn't call gnu_tls_global_deinit() if gnu_tls_global_init()
hasn't been called, and we especially shouldn't call
gnutls_x509_privkey_deinit on an uninitialized key.

Refs #51340

Change-Id: I0d4a9dd3814e76f78d511d9fa5447308d6733291
---
 daemon/src/sip/tlsvalidation.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/daemon/src/sip/tlsvalidation.c b/daemon/src/sip/tlsvalidation.c
index 8800ed81c0..3306f0b23b 100644
--- a/daemon/src/sip/tlsvalidation.c
+++ b/daemon/src/sip/tlsvalidation.c
@@ -293,13 +293,16 @@ int containsPrivateKey(const char *pemPath)
     err = gnutls_global_init();
     if (err != GNUTLS_E_SUCCESS) {
         ERROR("Could not init GnuTLS - %s", gnutls_strerror(err));
-        goto out;
+        free(dt.data);
+        return res;
     }
 
     err = gnutls_x509_privkey_init(&key);
     if (err != GNUTLS_E_SUCCESS) {
         ERROR("Could not init key - %s", gnutls_strerror(err));
-        goto out;
+        free(dt.data);
+        gnutls_global_deinit();
+        return res;
     }
 
     err = gnutls_x509_privkey_import(key, &dt, GNUTLS_X509_FMT_PEM);
-- 
GitLab