Skip to content

Commit 780fd98

Browse files
douzzerdouzzer
committed
src/internal.c: in ProcessPeerCerts(), smallstack refactor of a span gated on HAVE_CERTIFICATE_STATUS_REQUEST_V2, to get DecodedCert off the stack.
1 parent c8a9bdb commit 780fd98

1 file changed

Lines changed: 42 additions & 21 deletions

File tree

src/internal.c

Lines changed: 42 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -14955,44 +14955,65 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
1495514955
#endif
1495614956
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
1495714957
if (ret == 0 && addToPendingCAs && !alreadySigner) {
14958-
DecodedCert dCertAdd;
14959-
DerBuffer *derBuffer;
14958+
#ifdef WOLFSSL_SMALL_STACK
14959+
DecodedCert *dCertAdd = NULL;
14960+
#else
14961+
DecodedCert dCertAdd[1];
14962+
#endif
14963+
int dCertAdd_inited = 0;
14964+
DerBuffer *derBuffer = NULL;
1496014965
buffer* cert = &args->certs[args->certIdx];
14961-
Signer *s;
14962-
InitDecodedCert(&dCertAdd, cert->buffer, cert->length, ssl->heap);
14963-
ret = ParseCert(&dCertAdd, CA_TYPE, NO_VERIFY, SSL_CM(ssl));
14966+
Signer *s = NULL;
14967+
14968+
#ifdef WOLFSSL_SMALL_STACK
14969+
dCertAdd = (DecodedCert *)
14970+
XMALLOC(sizeof(*dCertAdd), ssl->heap,
14971+
DYNAMIC_TYPE_TMP_BUFFER);
14972+
if (dCertAdd == NULL) {
14973+
ret = MEMORY_E;
14974+
goto exit_req_v2;
14975+
}
14976+
#endif
14977+
InitDecodedCert(dCertAdd, cert->buffer, cert->length,
14978+
ssl->heap);
14979+
dCertAdd_inited = 1;
14980+
ret = ParseCert(dCertAdd, CA_TYPE, NO_VERIFY,
14981+
SSL_CM(ssl));
1496414982
if (ret != 0) {
14965-
FreeDecodedCert(&dCertAdd);
14966-
goto exit_ppc;
14983+
goto exit_req_v2;
1496714984
}
1496814985
ret = AllocDer(&derBuffer, cert->length, CA_TYPE, ssl->heap);
1496914986
if (ret != 0 || derBuffer == NULL) {
14970-
FreeDecodedCert(&dCertAdd);
14971-
goto exit_ppc;
14987+
goto exit_req_v2;
1497214988
}
1497314989
XMEMCPY(derBuffer->buffer, cert->buffer, cert->length);
1497414990
s = MakeSigner(SSL_CM(ssl)->heap);
1497514991
if (s == NULL) {
14976-
FreeDecodedCert(&dCertAdd);
14977-
FreeDer(&derBuffer);
1497814992
ret = MEMORY_E;
14979-
goto exit_ppc;
14993+
goto exit_req_v2;
1498014994
}
14981-
ret = FillSigner(s, &dCertAdd, CA_TYPE, derBuffer);
14982-
FreeDecodedCert(&dCertAdd);
14983-
FreeDer(&derBuffer);
14995+
ret = FillSigner(s, dCertAdd, CA_TYPE, derBuffer);
1498414996
if (ret != 0) {
14985-
FreeSigner(s, SSL_CM(ssl)->heap);
14986-
goto exit_ppc;
14997+
goto exit_req_v2;
1498714998
}
1498814999
skipAddCA = 1;
1498915000
ret = TLSX_CSR2_AddPendingSigner(ssl->extensions, s);
14990-
if (ret != 0) {
14991-
FreeSigner(s, ssl->heap);
15001+
15002+
exit_req_v2:
15003+
if (s && (ret != 0))
15004+
FreeSigner(s, SSL_CM(ssl)->heap);
15005+
if (derBuffer)
15006+
FreeDer(&derBuffer);
15007+
if (dCertAdd_inited)
15008+
FreeDecodedCert(dCertAdd);
15009+
#ifdef WOLFSSL_SMALL_STACK
15010+
if (dCertAdd)
15011+
XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
15012+
#endif
15013+
if (ret != 0)
1499215014
goto exit_ppc;
14993-
}
1499415015
}
14995-
#endif
15016+
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
1499615017

1499715018
/* If valid CA then add to Certificate Manager */
1499815019
if (ret == 0 && args->dCert->isCA &&

0 commit comments

Comments
 (0)