feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Do not overwrite cert in wolfSSL_set_SSL_CTX if one is already set, remove unreachable frees.

Browse Source
This commit is contained in:
Colton Willey
2024-08-14 17:07:20 -07:00
parent dcf3af5382
commit 65d7c6a533
2 changed files with 6 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/internal.c
View File

@@ -6806,9 +6806,6 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#ifdef WOLFSSL_COPY_CERT #ifdef WOLFSSL_COPY_CERT
/* If WOLFSSL_COPY_CERT is defined, always copy the cert */ /* If WOLFSSL_COPY_CERT is defined, always copy the cert */
if (ctx->certificate != NULL) { if (ctx->certificate != NULL) {
if (ssl->buffers.certificate != NULL) {
FreeDer(&ssl->buffers.certificate);
}
ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer, ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
ctx->certificate->length, ctx->certificate->type, ctx->certificate->length, ctx->certificate->type,
ctx->certificate->heap); ctx->certificate->heap);
@@ -6820,9 +6817,6 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
} }
if (ctx->certChain != NULL) { if (ctx->certChain != NULL) {
if (ssl->buffers.certChain != NULL) {
FreeDer(&ssl->buffers.certChain);
}
ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer, ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
ctx->certChain->length, ctx->certChain->type, ctx->certChain->length, ctx->certChain->type,
ctx->certChain->heap); ctx->certChain->heap);

15
src/ssl.c
View File

@@ -20152,11 +20152,10 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#ifndef NO_CERTS #ifndef NO_CERTS
#ifdef WOLFSSL_COPY_CERT #ifdef WOLFSSL_COPY_CERT
/* If WOLFSSL_COPY_CERT defined, always make new copy of cert */ /* If WOLFSSL_COPY_CERT defined, make new copy of cert from ctx
if (ctx->certificate != NULL) { * unless SSL object already has a cert */
if (ssl->buffers.certificate != NULL) { if ((ctx->certificate != NULL) &&
FreeDer(&ssl->buffers.certificate); (ssl->buffers.certificate == NULL)) {
}
ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer, ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
ctx->certificate->length, ctx->certificate->type, ctx->certificate->length, ctx->certificate->type,
ctx->certificate->heap); ctx->certificate->heap);
@@ -20167,10 +20166,8 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->buffers.weOwnCert = 1; ssl->buffers.weOwnCert = 1;
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
} }
if (ctx->certChain != NULL) { if ((ctx->certChain != NULL) &&
if (ssl->buffers.certChain != NULL) { (ssl->buffers.certChain == NULL)) {
FreeDer(&ssl->buffers.certChain);
}
ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer, ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
ctx->certChain->length, ctx->certChain->type, ctx->certChain->length, ctx->certChain->type,
ctx->certChain->heap); ctx->certChain->heap);