diff --git a/src/internal.c b/src/internal.c
index 89dc78db4..49e078c49 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3817,9 +3817,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 x509->derCert.length = dCert->maxIdx;
 }
- x509->altNames = dCert->altNames;
- dCert->altNames = NULL; /* takes ownership */
- x509->altNamesNext = x509->altNames; /* index hint */
+ x509->altNames = dCert->altNames;
+ dCert->weOwnAltNames = 0;
+ x509->altNamesNext = x509->altNames; /* index hint */
 x509->isCa = dCert->isCA;
 #ifdef OPENSSL_EXTRA
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 6c61fbf2a..231ad0ce1 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1425,6 +1425,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
 cert->subjectCNLen = 0;
 cert->subjectCNEnc = CTC_UTF8;
 cert->subjectCNStored = 0;
+ cert->weOwnAltNames = 0;
 cert->altNames = NULL;
 #ifndef IGNORE_NAME_CONSTRAINTS
 cert->altEmailNames = NULL;
@@ -1563,7 +1564,7 @@ void FreeDecodedCert(DecodedCert* cert)
 XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
 if (cert->pubKeyStored == 1)
 XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
- if (cert->altNames)
+ if (cert->weOwnAltNames && cert->altNames)
 FreeAltNames(cert->altNames, cert->heap);
 #ifndef IGNORE_NAME_CONSTRAINTS
 if (cert->altEmailNames)
@@ -3416,6 +3417,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
 return ASN_PARSE_E;
 }
+ cert->weOwnAltNames = 1;
+
 while (length > 0) {
 byte b = input[idx++];
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index bcea930ab..7511cdfc4 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
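Review bot: `dCert->altNames` is left pointing at the list that `x509->altNames` now owns, so after `dCert->weOwnAltNames = 0;` in CopyDecodedToX509 (src/internal.c) the decoded cert holds a borrowed pointer where the removed code left NULL. Any read of `dCert->altNames` after the X509 has been freed would touch freed memory, and a second CopyDecodedToX509 call on the same `dCert` would hand the same list to two X509 objects; whether either occurs depends on callers not shown here. The removed `/* takes ownership */` comment should be replaced rather than dropped, for example `dCert->weOwnAltNames = 0; /* x509 owns the list now; dCert->altNames is a borrowed alias, do not use after x509 is freed */`. The function body starts and ends outside the hunk.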
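Review bot: `cert->weOwnAltNames = 1;` in DecodeAltNames is the only place these hunks raise the flag, while the FreeDecodedCert hunk now frees `cert->altNames` only when the flag is set. If any other path attaches entries to `cert->altNames` without passing through DecodeAltNames, that list would no longer be released, and if DecodeAltNames can run again on a DecodedCert whose list was already handed to an X509, the flag would be raised over a borrowed pointer. Neither case is visible from here, so the invariant should be stated at the assignment: `/* entries added below are freed by FreeDecodedCert unless ownership is transferred later */`. DecodeAltNames continues outside the hunk.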
@@ -387,6 +387,7 @@ struct DecodedCert {
 byte extNameConstraintSet;
 #endif /* IGNORE_NAME_CONSTRAINTS */
 byte isCA; /* CA basic constraint true */
+ byte weOwnAltNames; /* altNames haven't been given to copy */
 byte extKeyUsageSet;
 word16 extKeyUsage; /* Key usage bitfield */
 byte extExtKeyUsageSet; /* Extended Key Usage */
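Review bot: The comment on `weOwnAltNames` is phrased as a negative ("haven't been given to copy") and does not say who frees the list in each state, which is the contract the other hunks rely on. Suggested wording: `byte weOwnAltNames; /* 1: FreeDecodedCert frees altNames; 0: list is owned elsewhere (e.g. a WOLFSSL_X509) or empty */`. The struct definition starts and ends outside the hunk.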