[gnutls-devel] [PATCH 1/5] Fix invalid pointer operation in gnutls_certificate_get_x509_crt

Stefan Sørensen stefan.sorensen at spectralink.com
Mon Aug 8 13:31:14 CEST 2016


The access to the allocated crt_list variable was missing a pointer
dereference, leading to memory corruption for any certificate list with more
than one element.

Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
---
 lib/x509.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/x509.c b/lib/x509.c
index 7412557..e6d58de 100644
--- a/lib/x509.c
+++ b/lib/x509.c
@@ -1263,10 +1263,10 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
 	}
 
 	for (i = 0; i < res->certs[index].cert_list_length; ++i) {
-		ret = gnutls_pcert_export_x509(&res->certs[index].cert_list[i], crt_list[i]);
+		ret = gnutls_pcert_export_x509(&res->certs[index].cert_list[i], &(*crt_list)[i]);
 		if (ret < 0) {
 			while (i--)
-				gnutls_x509_crt_deinit(*crt_list[i]);
+				gnutls_x509_crt_deinit((*crt_list)[i]);
 			gnutls_free(*crt_list);
 			*crt_list = NULL;
 
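Review bot: the two corrected expressions in the for loop (the `gnutls_pcert_export_x509` call and the `gnutls_x509_crt_deinit` cleanup) land without a regression test; the diffstat touches only lib/x509.c. The old forms `crt_list[i]` and `*crt_list[i]` evaluate to the right thing for i == 0, so a single-certificate test cannot catch this. Please add a test that calls gnutls_certificate_get_x509_crt on a credential whose chain has at least two certificates, and that also exercises the failure path if possible. As a style point, consider assigning the allocated array to a local (for example `gnutls_x509_crt_t *list = *crt_list;`, assuming that is the element type, since the declaration is not visible in this hunk) and indexing `list[i]` in both places, so that the `[]`-before-`*` precedence trap cannot recur.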
-- 
2.7.4