On Thu, Apr 21, 2022 at 02:15:14PM +0200, Claudio Jeker wrote:
> On Thu, Apr 21, 2022 at 02:08:01PM +0200, Theo Buehler wrote:
> > On Thu, Apr 21, 2022 at 01:14:31PM +0200, Claudio Jeker wrote:
> > > So here is the cleanup of filemode.c and also a bit of cleanup in parse.c
> > > This should also fix a few bugs in parse_load_certchain() (mainly
> > > memleaks).
> >
> > A couple of suggestions for parse_load_certchain() below.
> >
>
> Always good to have extra eyes on such changes. Here is the updated diff with
> your suggested changes.

Sure.

> /* TA found play back the stack and add all certs */
> - for (failed = 0; i >= 0; i--) {
> + for (; i >= 0; i--) {
> cert = stack[i];
> uri = filestack[i];
>
> - if (failed)
> - cert_free(cert);
> - else if (proc_parser_cert_validate(uri, cert) == NULL)
> - failed = 1;
> + crl = crl_get(&crlt, a);
> + if (!valid_x509(uri, ctx, cert->x509, a, crl, 0) ||
> + !valid_cert(uri, a, cert))
> + goto fail;
> + cert->talid = a->cert->talid;
> + a = auth_insert(&auths, cert, a);
> + stack[i] = NULL;
> }

I'd add a

	return;

Then it's ok.

> +
> +fail:
> + for (i = 0; i < MAX_CERT_DEPTH; i++)
> + cert_free(stack[i]);
> }
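
Review bot: the cleanup loop under fail: calls cert_free() on every one of the MAX_CERT_DEPTH slots, so it is only safe if stack[] is fully NULL-initialised before the chain is collected and cert_free() tolerates NULL; neither is visible in these lines, so please confirm that or zero the array where it is declared. The loop also depends on the stack[i] = NULL that follows auth_insert() to avoid freeing a cert that has already been inserted, and a one-line comment there saying why the slot is cleared would keep a later edit from dropping it. Without a return before the label, the success path runs this loop too. The matching filestack[] entries are not touched on the failure path; if they are allocated per certificate they need the same cleanup.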