
Security: Free certificates after the comparison

Julius Pfrommer 5 years ago
parent
commit
6a86062397

+ 9 - 6
plugins/ua_securitypolicy_basic128rsa15.c

@@ -720,15 +720,18 @@ channelContext_compareCertificate_sp_basic128rsa15(const Basic128Rsa15_ChannelCo
     mbedtls_x509_crt cert;
     mbedtls_x509_crt_init(&cert);
     int mbedErr = mbedtls_x509_crt_parse(&cert, certificate->data, certificate->length);
-    UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
-
-    if(cert.raw.len != cc->remoteCertificate.raw.len)
+    if(mbedErr) {
+        UA_LOG_MBEDERR;
         return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
+    }
 
-    if(memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
-        return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
+    UA_StatusCode retval = UA_STATUSCODE_GOOD;
+    if(cert.raw.len != cc->remoteCertificate.raw.len ||
+       memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
+        retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
 
-    return UA_STATUSCODE_GOOD;
+    mbedtls_x509_crt_free(&cert);
+    return retval;
 }
 
 static void
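Review bot: The parse-failure branch (`if(mbedErr) { UA_LOG_MBEDERR; return ...; }`) still returns without releasing `cert`, so the leak is only closed on the comparison path. `mbedtls_x509_crt_parse` can return a positive count when a PEM input was only partly parsed, and in that case `cert` already owns allocations. If `certificate` is supplied by the peer (the name `remoteCertificate` suggests so, but the caller is not visible here), repeated malformed inputs could grow memory use. Add `mbedtls_x509_crt_free(&cert);` before the `return` inside that block; calling it after `mbedtls_x509_crt_init` is safe even when nothing was parsed. The same branch appears in the hunk for plugins/ua_securitypolicy_basic256sha256.c, and both function bodies start above their hunks.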

+ 9 - 6
plugins/ua_securitypolicy_basic256sha256.c

@@ -742,15 +742,18 @@ channelContext_compareCertificate_sp_basic256sha256(const Basic256Sha256_Channel
     mbedtls_x509_crt cert;
     mbedtls_x509_crt_init(&cert);
     int mbedErr = mbedtls_x509_crt_parse(&cert, certificate->data, certificate->length);
-    UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
-
-    if(cert.raw.len != cc->remoteCertificate.raw.len)
+    if(mbedErr) {
+        UA_LOG_MBEDERR;
         return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
+    }
 
-    if(memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
-        return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
+    UA_StatusCode retval = UA_STATUSCODE_GOOD;
+    if(cert.raw.len != cc->remoteCertificate.raw.len ||
+       memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
+        retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
 
-    return UA_STATUSCODE_GOOD;
+    mbedtls_x509_crt_free(&cert);
+    return retval;
 }
 
 static void