[gnutls-devel] GnuTLS | WIP: AIA callback to retrieve missing chain certificates (!1262)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat May 30 16:30:22 CEST 2020




Sahana Prasad commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_352312200

> +				_gnutls_debug_log("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
> +				gnutls_assert();
> +				MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_FOUND);
> +				goto cleanup;
> +			}
> +
> +			/* missing issuer is populated by the callback */
> +			ret = tlist->issuer_callback(tlist, cert, issuer);
> +			if (ret < 0) {
> +				/* if the callback fails, continue as though the callback
> +				 * wasn't invoked i.e issuer remains NULL */
> +				gnutls_x509_crt_deinit(issuer);
> +				gnutls_assert();
> +				issuer = NULL;
> +			} else
> +				issuer_deinit = true;
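Review bot: ownership of `issuer` is not spelled out at the `else issuer_deinit = true;` branch. The failure branch frees the object immediately, but the success branch only sets a flag, so the object is released only if every later exit from verify_crt() passes through a cleanup that checks `issuer_deinit`. The "populated by the callback" comment should also state the contract: `issuer` is passed by value, so the caller still owns the handle it initialised, and a callback that allocates its own certificate object instead of filling this one leaves an allocation this code cannot free. As a style point, the bare `else` following a braced `if` body should take braces too.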

@I'm afraid this would still leak.
I tried this method and if I don't call `gnutls_x509_crt_deinit` in verify_crt() in cleanup,

==9252==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 136 byte(s) in 1 object(s) allocated from:
    #0 0x7f2096d83e56 in __interceptor_calloc (/lib64/libasan.so.5+0x10de56)
    #1 0x7f20966de301 in gnutls_x509_crt_init /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/x509.c:207
    #2 0x402677 in getissuer_callback /home/sprasad/workspace/projects/gnutls/gnutls/tests/missingissuer_aia.c:74
    #3 0x7f20966d6691 in verify_crt /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/verify.c:653
    #4 0x7f20966d9cf5 in _gnutls_verify_crt_status /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/verify.c:1033
    #5 0x7f209670d6ac in gnutls_x509_trust_list_verify_crt2 /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/verify-high.c:1335
    #6 0x7f209670e892 in gnutls_x509_trust_list_verify_crt /home/sprasad/workspace/projects/gnutls/gnutls/lib/x509/verify-high.c:1188
    #7 0x403586 in doit /home/sprasad/workspace/projects/gnutls/gnutls/tests/missingissuer_aia.c:228
    #8 0x404876 in main /home/sprasad/workspace/projects/gnutls/gnutls/tests/utils.c:254
    #9 0x7f2095229f42 in __libc_start_main (/lib64/libc.so.6+0x23f42)
