Browse code
Check if pkcs11_cert is NULL before freeing it
When running openvpn --show-tls with mbedtls, it showed a null pointer
error at the end because of this.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20221123154912.28394-1-maximilian.fillinger@foxcrypto.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25530.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Max Fillinger authored on 2022/11/24 00:49:12Showing 1 changed files
| ... | ... |
@@ -165,7 +165,13 @@ tls_ctx_free(struct tls_root_ctx *ctx) |
| 165 | 165 |
free(ctx->crl); |
| 166 | 166 |
|
| 167 | 167 |
#if defined(ENABLE_PKCS11) |
| 168 |
- pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert); |
|
| 168 |
+ /* ...freeCertificate() can handle NULL ptrs, but if pkcs11 helper |
|
| 169 |
+ * has not been initialized, it will ASSERT() - so, do not pass NULL |
|
| 170 |
+ */ |
|
| 171 |
+ if (ctx->pkcs11_cert) |
|
| 172 |
+ {
|
|
| 173 |
+ pkcs11h_certificate_freeCertificate(ctx->pkcs11_cert); |
|
| 174 |
+ } |
|
| 169 | 175 |
#endif |
| 170 | 176 |
|
| 171 | 177 |
free(ctx->allowed_ciphers); |