Am 31.05.16 um 14:21 schrieb Steffan Karger: > On 31-05-16 13:42, Ivo Manca wrote: >> Signed-off-by: Ivo Manca <[email protected]> >> --- >> src/openvpn/ssl_verify_mbedtls.c | 7 +++++-- >> 1 file changed, 5 insertions(+), 2 deletions(-) >> >> diff --git a/src/openvpn/ssl_verify_mbedtls.c >> b/src/openvpn/ssl_verify_mbedtls.c >> index 9c4b51a..522ff68 100644 >> --- a/src/openvpn/ssl_verify_mbedtls.c >> +++ b/src/openvpn/ssl_verify_mbedtls.c >> @@ -162,7 +162,7 @@ backend_x509_get_serial (mbedtls_x509_crt *cert, struct >> gc_arena *gc) >> cert->serial.len))) >> { >> msg(M_WARN, "Failed to retrieve serial from certificate."); >> - return NULL; >> + goto end; >> } >> >> /* Determine decimal representation length, allocate buffer */ >> @@ -173,9 +173,12 @@ backend_x509_get_serial (mbedtls_x509_crt *cert, struct >> gc_arena *gc) >> if (!mbed_ok(mbedtls_mpi_write_string(&serial_mpi, 10, buf, buflen, >> &buflen))) >> { >> msg(M_WARN, "Failed to write serial to string."); >> - return NULL; >> + buf = NULL; >> + goto end; >> } >> >> +end: >> + mbedtls_mpi_free(&serial_mpi); >> return buf; >> } > ACK - *but* Ivo did this work for us (Fox-IT), so some external eyes > before applying are welcome. > ACK, looks good to me, too.
Arne
