From 462a26c8c3b48eb718f6c6d85bc7ffe66ce196c6 Mon Sep 17 00:00:00 2001
From: Hardening
Date: Tue, 3 Jun 2014 15:19:00 +0200
Subject: [PATCH] Don't leak cert in case of failure

---
 libfreerdp/crypto/tls.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index dc49bda11..c6e779280 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -635,14 +635,15 @@ int tls_do_handshake(rdpTls* tls, BOOL clientMode)
 if (!tls->Bindings)
 {
 fprintf(stderr, "%s: unable to retrieve bindings\n", __FUNCTION__);
- return -1;
+ verify_status = -1;
+ goto out;
 }

 if (!crypto_cert_get_public_key(cert, &tls->PublicKey, &tls->PublicKeyLength))
 {
 fprintf(stderr, "%s: crypto_cert_get_public_key failed to return the server public key.\n", __FUNCTION__);
- tls_free_certificate(cert);
- return -1;
+ verify_status = -1;
+ goto out;
 }

 /* Note: server-side NLA needs public keys (keys from us, the server) but no
@@ -661,6 +662,7 @@ int tls_do_handshake(rdpTls* tls, BOOL clientMode)
 }
 }

+out:
 tls_free_certificate(cert);

 return verify_status;
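Review bot: The public-key failure path (the second `goto out`) still leaves `tls->Bindings` populated on a connection whose handshake is reported as failed, so the two error paths exit with `tls` in different partial states. Whether that is harmless depends on the caller tearing the `rdpTls` down after a -1, which is not visible here. If the object can be reused or retried, the bindings should be released before the jump with whatever routine the file already uses for them; otherwise record the assumption at the jump, e.g. `/* tls->Bindings stays owned by tls; released when the caller frees it */`. The start of the function, including where `cert` is obtained and how `verify_status` is initialised, lies outside the hunk.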
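Review bot: The new `out:` label is the only place `cert` is released on these paths, but nothing at the label says so, and an early `return` added above it later would bring the leak back unnoticed. A one-line comment at the label would make the ownership rule explicit, e.g. `/* single exit: every path that holds cert must leave through here */`. `verify_status` now carries the handshake errors (-1) and, presumably, the certificate verification result as well, so the function's header comment should state which return values callers must treat as failure. The body of `tls_do_handshake` begins and ends outside the hunk.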