Hi,

On Wed, Nov 23, 2022 at 12:18 PM Arne Schwabe <a...@rfc2549.org> wrote:

> On 23.11.22 at 16:49, Max Fillinger wrote:
> > When running openvpn --show-tls with mbedtls, it showed a null pointer
> > error at the end because of this.
> >
> > Signed-off-by: Max Fillinger <maximilian.fillin...@foxcrypto.com>
> > ---
> >   src/openvpn/ssl_mbedtls.c | 5 ++++-
> >   1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
> > index ea06cf70..aa55a1a0 100644
> > --- a/src/openvpn/ssl_mbedtls.c
> > +++ b/src/openvpn/ssl_mbedtls.c
> > @@ -165,7 +165,10 @@ tls_ctx_free(struct tls_root_ctx *ctx)
> >           free(ctx->crl);
> >
> >   #if defined(ENABLE_PKCS11)
> > -        pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert);
> > +        if (ctx->pkcs11_cert)
> > +        {
> > +            pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert);
> > +        }
> >   #endif
> >
> >           free(ctx->allowed_ciphers);
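
Review bot: the new `if (ctx->pkcs11_cert)` guard carries no comment explaining why this one call needs a NULL check when the neighbouring free(ctx->crl) and free(ctx->allowed_ciphers) are called unconditionally. Add a one-line comment above the guard tying it to the case from the commit message (tls_ctx_free() reached via --show-tls with no PKCS#11 certificate set), so that a later cleanup does not remove the check as redundant. The commit message would also be easier to act on if it quoted the exact error that was printed, since "null pointer error" does not say whether it was a crash or a failed assertion.
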
>
> Sigh, a function that violates the C paradigm that calling somethingfree
> on a null pointer is fine. Maybe we should add as a comment that this
> function is special in this way.
>

pkcs11h_certificate_freeCertificate() does seem to handle a NULL argument.
With --show-tls, are we calling this before initializing the pkcs11 library?
That could trigger an ASSERT.

Selva