Commit d0955091 authored by Sébastien Blin's avatar Sébastien Blin

certstore: fix memory leak with gnutls_x509_crt_list_import2

Change-Id: I8e98b66bf23a34cb1a4b3d360d8c1027e064c7e5
parent 9c26f7b5
......@@ -109,7 +109,8 @@ CertificateStore::loadRevocations(crypto::Certificate& crt) const
continue;
// Save the response
dht::Blob ocspBlob = fileutils::loadFile(ocsp_filepath);
crt.ocspResponse = std::make_shared<dht::crypto::OcspResponse>(ocspBlob.data(),ocspBlob.size());
crt.ocspResponse = std::make_shared<dht::crypto::OcspResponse>(ocspBlob.data(),
ocspBlob.size());
unsigned int status = crt.ocspResponse->getCertificateStatus();
if (status == GNUTLS_OCSP_CERT_GOOD)
JAMI_DBG("Certificate %s has good OCSP status", crt.getId().to_c_str());
......@@ -227,6 +228,7 @@ readCertificates(const std::string& path, const std::string& crl_path)
gnutls_x509_crt_list_import2(&certs, &cert_num, &dt, GNUTLS_X509_FMT_PEM, 0);
for (unsigned i = 0; i < cert_num; i++)
ret.emplace_back(certs[i]);
gnutls_free(certs);
} catch (const std::exception& e) {
};
}
......@@ -404,21 +406,18 @@ CertificateStore::pinOcspResponse(const dht::crypto::Certificate& cert)
return;
try {
cert.ocspResponse->getCertificateStatus();
}
catch (dht::crypto::CryptoException& e){
} catch (dht::crypto::CryptoException& e) {
JAMI_ERR("Failed to read certificate status of OCSP response: %s", e.what());
return;
}
auto id = cert.getId().toString();
auto serialhex = dht::toHex(cert.getSerialNumber());
auto dir = ocspPath_ + DIR_SEPARATOR_CH + id;
dht::ThreadPool::io().run([
path = dir + DIR_SEPARATOR_CH + serialhex,
dht::ThreadPool::io().run([path = dir + DIR_SEPARATOR_CH + serialhex,
dir = std::move(dir),
id = std::move(id),
serialhex = std::move(serialhex),
ocspResponse = cert.ocspResponse
]{
ocspResponse = cert.ocspResponse] {
JAMI_DBG("Saving OCSP Response of device %s with serial %s", id.c_str(), serialhex.c_str());
std::lock_guard<std::mutex> lock(fileutils::getFileLock(path));
fileutils::check_dir(dir.c_str());
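Review bot: In the readCertificates hunk, the added `gnutls_free(certs);` is reached only when the `emplace_back` loop runs to completion, and the result of `gnutls_x509_crt_list_import2` is still not checked. If `ret.emplace_back(certs[i])` throws, the empty `catch (const std::exception& e) { }` swallows the error and the array, along with any handles not yet wrapped, presumably still leaks. If the import fails, the loop and the free operate on whatever `certs` and `cert_num` held before the call; their declarations are outside the hunk, so whether they are initialised is an assumption to confirm. I would test the result first, `if (gnutls_x509_crt_list_import2(&certs, &cert_num, &dt, GNUTLS_X509_FMT_PEM, 0) >= 0) {`, release the array from a scope guard rather than a trailing call, and log `e.what()` in the catch so a malformed certificate file is visible instead of silently skipped. The function body starts and ends outside the hunk.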
......