From 82d2aca505647ec95c650059906e26e67ff11e75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
 <moisesguimaraesm@gmail.com>
Date: Wed, 27 Aug 2014 17:09:55 -0300
Subject: [PATCH] ssl: refactoring CyaSSL_CertManagerVerifyBuffer to reduce
 stack usage: --- variable cert moved to the heap (sizeof(DecodedCert) saved)

---
 src/ssl.c | 46 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 32 insertions(+), 14 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 56805cb26..1cfe8c50b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2412,17 +2412,27 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
                                    long sz, int format)
 {
     int ret = 0;
-    int eccKey = 0;  /* not used */
-
-    DecodedCert cert;
-    buffer      der;
+    buffer der;
+#ifdef CYASSL_SMALL_STACK
+    DecodedCert* cert;
+#else
+    DecodedCert  cert[1];
+#endif
 
     CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
 
+#ifdef CYASSL_SMALL_STACK
+    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+    if (cert == NULL)
+        return MEMORY_E;
+#endif
+
     der.buffer = NULL;
     der.length = 0;
 
     if (format == SSL_FILETYPE_PEM) {
+        int eccKey = 0; /* not used */
 #ifdef CYASSL_SMALL_STACK
 		EncryptedInfo* info;
 #else
@@ -2432,36 +2442,44 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
 #ifdef CYASSL_SMALL_STACK
         info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, 
 		                                               DYNAMIC_TYPE_TMP_BUFFER);
-        if (info == NULL)
+        if (info == NULL) {
+            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             return MEMORY_E;
+        }
 #endif
 
         info->set      = 0;
         info->ctx      = NULL;
         info->consumed = 0;
+
         ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey);
-        InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
+        
+        if (ret == 0)
+            InitDecodedCert(cert, der.buffer, der.length, cm->heap);
 		
 #ifdef CYASSL_SMALL_STACK
 	    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     }
     else
-        InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap);
+        InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);
 
     if (ret == 0)
-        ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
+        ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);
+
 #ifdef HAVE_CRL
     if (ret == 0 && cm->crlEnabled)
-        ret = CheckCertCRL(cm->crl, &cert);
+        ret = CheckCertCRL(cm->crl, cert);
 #endif
 
-    FreeDecodedCert(&cert);
-    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
+    FreeDecodedCert(cert);
 
-    if (ret == 0)
-        return SSL_SUCCESS;
-    return ret;
+    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
+#ifdef CYASSL_SMALL_STACK
+    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret == 0 ? SSL_SUCCESS : ret;
 }