[gnutls-devel] GnuTLS | WIP: AIA callback to retrieve missing chain certificates (!1262)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sat May 30 16:30:22 CEST 2020
Sahana Prasad commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_352312200
> + _gnutls_debug_log("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
> + gnutls_assert();
> + MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_FOUND);
> + goto cleanup;
> + }
> +
> + /* missing issuer is populated by the callback */
> + ret = tlist->issuer_callback(tlist, cert, issuer);
> + if (ret < 0) {
> + /* if the callback fails, continue as though the callback
> + * wasn't invoked i.e issuer remains NULL */
> + gnutls_x509_crt_deinit(issuer);
> + gnutls_assert();
> + issuer = NULL;
> + } else
> + issuer_deinit = true;
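Review bot: The call `tlist->issuer_callback(tlist, cert, issuer)` passes an already initialized `issuer` by value, but the comment above it ("missing issuer is populated by the callback") does not say who owns the object. A callback that initializes a certificate of its own therefore has no way to hand it back, and nothing in these lines frees it. Please document the contract where the callback type is declared: whether the callback must fill in the handle it is given rather than allocate a replacement, and that the caller deinitializes that handle on both the failure and the success path. The cleanup code is not visible in this hunk, so also check that `issuer_deinit = true` really leads to a `gnutls_x509_crt_deinit(issuer)` there. Two smaller points in the same branch: the callback's `ret` is dropped after `gnutls_assert()` without a `_gnutls_debug_log` line like the one used for the init failure above, and the bare `else` after a braced `if` would read better with braces.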
@I'm afraid this would still leak.
I tried this method and if I don't call `gnutls_x509_crt_deinit` in verify_crt() in cleanup,
==9252==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 136 byte(s) in 1 object(s) allocated from:
#0 0x7f2096d83e56 in __interceptor_calloc (/lib64/libasan.so.5+0x10de56)
#1 0x7f20966de301 in gnutls_x509_crt_init /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/x509.c:207
#2 0x402677 in getissuer_callback /home/sprasad/workspace/projects/gnutls/gnutls/tests/missingissuer_aia.c:74
#3 0x7f20966d6691 in verify_crt /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/verify.c:653
#4 0x7f20966d9cf5 in _gnutls_verify_crt_status /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/verify.c:1033
#5 0x7f209670d6ac in gnutls_x509_trust_list_verify_crt2 /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/verify-high.c:1335
#6 0x7f209670e892 in gnutls_x509_trust_list_verify_crt /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/verify-high.c:1188
#7 0x403586 in doit /home/sprasad/workspace/projects/gnutls/gnutls/tests/missingissuer_aia.c:228
#8 0x404876 in main /home/sprasad/workspace/projects/gnutls/gnutls/tests/utils.c:254
#9 0x7f2095229f42 in __libc_start_main (/lib64/libc.so.6+0x23f42)