Fix certificate leak

There was a leak when doing TLS in server mode
Hardening 2014-06-03 14:59:58 +02:00
parent 183155dbd1
commit a607b4553d


@ -480,7 +480,7 @@ static CryptoCert tls_get_certificate(rdpTls* tls, BOOL peer)
if (peer) if (peer)
remote_cert = SSL_get_peer_certificate(tls->ssl); remote_cert = SSL_get_peer_certificate(tls->ssl);
else else
remote_cert = SSL_get_certificate(tls->ssl); remote_cert = X509_dup( SSL_get_certificate(tls->ssl) );
if (!remote_cert) if (!remote_cert)
{ {
@ -645,20 +645,20 @@ int tls_do_handshake(rdpTls* tls, BOOL clientMode)
return -1; return -1;
} }
if (!clientMode) /* Note: server-side NLA needs public keys (keys from us, the server) but no
* certificate verify
*/
verify_status = 1;
if (clientMode)
{ {
/* NLA needs public keys so let's just copy the keys from the server and return now */ verify_status = tls_verify_certificate(tls, cert, tls->hostname, tls->port);
return 1;
}
verify_status = tls_verify_certificate(tls, cert, tls->hostname, tls->port); if (verify_status < 1)
{
if (verify_status < 1) fprintf(stderr, "%s: certificate not trusted, aborting.\n", __FUNCTION__);
{ tls_disconnect(tls);
fprintf(stderr, "%s: certificate not trusted, aborting.\n", __FUNCTION__); verify_status = 0;
tls_disconnect(tls); }
tls_free_certificate(cert);
return 0;
} }
tls_free_certificate(cert); tls_free_certificate(cert);
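Review bot: The `X509_dup()` added on the non-peer branch of tls_get_certificate has no comment explaining the ownership rule it depends on: `SSL_get_peer_certificate()` hands the caller its own reference, while `SSL_get_certificate()` returns a pointer still owned by the SSL object. I would add `/* SSL_get_certificate() returns a borrowed pointer; duplicate it so the caller can always free the result */` above that line, since the server path in tls_do_handshake now reaches `tls_free_certificate(cert)` instead of returning early. A failed `X509_dup()` lands in the existing `if (!remote_cert)` branch, so an allocation failure is reported the same way as a missing certificate. In tls_do_handshake the untrusted-certificate branch now only sets `verify_status = 0`; the function's return is outside the hunk, so the rejection presumably depends on `verify_status` being the value returned there, which is worth confirming.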