From cf1874baaad1a781156bcfc9d3b1cc6e8cf80646 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrien=20B=C3=A9raud?= <adrien.beraud@savoirfairelinux.com>
Date: Mon, 15 Jun 2020 17:47:27 -0400
Subject: [PATCH] crypto: free token before return

---
 src/crypto.cpp | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/crypto.cpp b/src/crypto.cpp
index 5c6fe8eb..9f501502 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -1038,25 +1038,26 @@ std::pair<Blob,Blob>
 Certificate::generateOcspRequest(gnutls_x509_crt_t& issuer)
 {
     gnutls_ocsp_req_t rreq;
-    int ret = gnutls_ocsp_req_init(&rreq);
-    if (ret < 0)
-        throw CryptoException(gnutls_strerror(ret));
+    int err = gnutls_ocsp_req_init(&rreq);
+    if (err < 0)
+        throw CryptoException(gnutls_strerror(err));
     std::unique_ptr<struct gnutls_ocsp_req_int, decltype(&gnutls_ocsp_req_deinit)> req(rreq, &gnutls_ocsp_req_deinit);
-    ret = gnutls_ocsp_req_add_cert(req.get(), GNUTLS_DIG_SHA512, issuer, cert);
-    if (ret < 0)
-        throw CryptoException(gnutls_strerror(ret));
-    unsigned char noncebuf[64];
-    gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) };
-    ret = gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size);
-    ret = gnutls_ocsp_req_set_nonce(req.get(), 0, &nonce);
-    if (ret < 0)
-        throw CryptoException(gnutls_strerror(ret));
+    err = gnutls_ocsp_req_add_cert(req.get(), GNUTLS_DIG_SHA512, issuer, cert);
+    if (err < 0)
+        throw CryptoException(gnutls_strerror(err));
+    Blob noncebuf(64);
+    gnutls_datum_t nonce = { noncebuf.data(), (unsigned)noncebuf.size() };
+    err = gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size);
+    err = gnutls_ocsp_req_set_nonce(req.get(), 0, &nonce);
+    if (err < 0)
+        throw CryptoException(gnutls_strerror(err));
     gnutls_datum_t rdata;
-    ret = gnutls_ocsp_req_export(req.get(), &rdata);
-    if (ret != 0)
-        throw CryptoException(gnutls_strerror(ret));
-    return std::make_pair<Blob,Blob>({rdata.data, rdata.data + rdata.size},
-                                     {nonce.data, nonce.data + nonce.size});
+    err = gnutls_ocsp_req_export(req.get(), &rdata);
+    if (err != 0)
+        throw CryptoException(gnutls_strerror(err));
+    Blob ret(rdata.data, rdata.data + rdata.size);
+    gnutls_free(rdata.data);
+    return std::make_pair<Blob,Blob>(std::move(ret), std::move(noncebuf));
 }
 
 // PrivateKey
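Review bot: The result of `gnutls_rnd` is stored in `err` and then overwritten by `gnutls_ocsp_req_set_nonce` on the next line without being checked, so a failure of the random generator goes unnoticed. If `Blob noncebuf(64)` value-initialises its bytes (it looks like a byte vector, which this hunk does not show), the request would then carry an all-zero, predictable nonce, and the nonce would no longer protect against replayed OCSP responses. Add `if (err < 0) throw CryptoException(gnutls_strerror(err));` directly after the `gnutls_rnd` call. Separately, constructing `Blob ret(...)` can throw before `gnutls_free(rdata.data)` runs, so the leak this commit fixes remains on that path; a scope guard that calls `gnutls_free`, in the same spirit as the `std::unique_ptr` already used for `req`, would close it.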
-- 
GitLab