Skip to content

Commit 5da7efa

Browse files
bandi13bandi13
authored
Merge pull request #6894 from julek-wolfssl/fix-possible-hang
Fix static analyzer possible leak
2 parents a74228b + dc5a246 commit 5da7efa

2 files changed

Lines changed: 20 additions & 7 deletions

File tree

certs/ocsp/renewcerts.sh

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,14 @@
11
#!/bin/sh
22

3+
# bwrap execution environment to avoid port conflicts
4+
if [ "${AM_BWRAPPED-}" != "yes" ]; then
5+
bwrap_path="$(command -v bwrap)"
6+
if [ -n "$bwrap_path" ]; then
7+
export AM_BWRAPPED=yes
8+
exec "$bwrap_path" --cap-add ALL --unshare-net --dev-bind / / "$0" "$@"
9+
fi
10+
fi
11+
312
check_result(){
413
if [ $1 -ne 0 ]; then
514
if [ -n "$2" ]; then

src/crl.c

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -221,8 +221,12 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
221221
/* Free all CRL resources */
222222
void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
223223
{
224-
CRL_Entry* tmp = crl->crlList;
224+
CRL_Entry* tmp;
225225

226+
if (crl == NULL)
227+
return;
228+
229+
tmp = crl->crlList;
226230
WOLFSSL_ENTER("FreeCRL");
227231
if (crl->monitors[0].path)
228232
XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
@@ -829,6 +833,7 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
829833
int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
830834
{
831835
WOLFSSL_X509_CRL *crl;
836+
int ret = 0;
832837

833838
WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl");
834839
if (store == NULL || newcrl == NULL || store->cm == NULL)
@@ -837,20 +842,19 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
837842
if (store->cm->crl == NULL) {
838843
crl = wolfSSL_X509_crl_new(store->cm);
839844
if (crl == NULL) {
845+
WOLFSSL_MSG("wolfSSL_X509_crl_new failed");
840846
return WOLFSSL_FAILURE;
841847
}
842848
if (wc_LockRwLock_Rd(&newcrl->crlLock) != 0) {
843849
WOLFSSL_MSG("wc_LockRwLock_Rd failed");
844850
return BAD_MUTEX_E;
845851
}
846-
if (DupX509_CRL(crl, newcrl) != 0) {
847-
if (crl != NULL) {
848-
wc_UnLockRwLock(&newcrl->crlLock);
849-
FreeCRL(crl, 1);
850-
}
852+
ret = DupX509_CRL(crl, newcrl);
853+
wc_UnLockRwLock(&newcrl->crlLock);
854+
if (ret != 0) {
855+
FreeCRL(crl, 1);
851856
return WOLFSSL_FAILURE;
852857
}
853-
wc_UnLockRwLock(&newcrl->crlLock);
854858
store->crl = store->cm->crl = crl;
855859
if (wolfSSL_CertManagerEnableCRL(store->cm, WOLFSSL_CRL_CHECKALL)
856860
!= WOLFSSL_SUCCESS) {

0 commit comments

Comments
 (0)