[Openvpn-devel,v1] pkcs11_management_id_get: Free certificate object after use

Message ID 20251027212747.4161-1-gert@greenie.muc.de
State Accepted
Series [Openvpn-devel,v1] pkcs11_management_id_get: Free certificate object after use

Commit Message

Gert Doering Oct. 27, 2025, 9:27 p.m. UTC
From: Selva Nair <selva.nair@gmail.com>

Found by ZeroPath

Change-Id: I85320b8f1cfc02dfd561916e5637d9481edac59e
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1317
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1317
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

Comments

Gert Doering Oct. 28, 2025, 9:23 a.m. UTC | #1
I have not reviewed/tested this beyond "BB compiles things, unit tests
(including pkcs11 on some of the instances) work".  Stare-at-code looks
very trivially correct.

Your patch has been applied to the master branch.

commit 87f639c820b8365585fc825ee7ea9cdd86cf88c5
Author: Selva Nair
Date:   Mon Oct 27 22:27:41 2025 +0100

     pkcs11_management_id_get: Free certificate object after use

     Signed-off-by: Selva Nair <selva.nair@gmail.com>
     Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1317
     Message-Id: <20251027212747.4161-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33908.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index ce64135..9afb181 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -436,9 +436,6 @@ 
 {
     pkcs11h_certificate_id_list_t id_list = NULL;
     pkcs11h_certificate_id_list_t entry = NULL;
-#if 0 /* certificate_id seems to be unused -- JY */
-    pkcs11h_certificate_id_t certificate_id = NULL;
-#endif
     pkcs11h_certificate_t certificate = NULL;
     CK_RV rv = CKR_OK;
     unsigned char *certificate_blob = NULL;
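Review bot: Dropping the `#if 0` block that declared `certificate_id` is a dead-code cleanup unrelated to the leak fix, and the commit message ("Free certificate object after use") does not mention it. Either add a line to the message noting the removal or split it into its own commit, so the functional change stays easy to identify when reading history or cherry-picking.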
@@ -548,6 +545,9 @@ 
     pkcs11h_certificate_freeCertificateIdList(id_list);
     id_list = NULL;
 
+    pkcs11h_certificate_freeCertificate(certificate);
+    certificate = NULL;
+
     free(internal_id);
     internal_id = NULL;
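Review bot: The added `pkcs11h_certificate_freeCertificate(certificate);` is called unconditionally, while `certificate` is initialized to NULL at the top of the function, so any path that arrives here before a certificate object was created hands NULL to the helper. Please confirm the helper accepts NULL, or guard the call with `if (certificate != NULL)`. The return value is also discarded, which matches the `pkcs11h_certificate_freeCertificateIdList(id_list);` call just above, but it is worth saying so deliberately. Finally, the commit message only says "Found by ZeroPath"; a sentence stating what was leaked and on which paths would make the fix reviewable without opening the file.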