Security: Free certificates after the comparison

Julius Pfrommer 2018-11-02 11:43:34 +01:00 committed by Julius Pfrommer
parent 691ec179cf
commit 6a86062397
2 changed files with 18 additions and 12 deletions


@ -720,15 +720,18 @@ channelContext_compareCertificate_sp_basic128rsa15(const Basic128Rsa15_ChannelCo
mbedtls_x509_crt cert;
mbedtls_x509_crt_init(&cert);
int mbedErr = mbedtls_x509_crt_parse(&cert, certificate->data, certificate->length);
UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
if(cert.raw.len != cc->remoteCertificate.raw.len)
if(mbedErr) {
UA_LOG_MBEDERR;
return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
}
if(memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
UA_StatusCode retval = UA_STATUSCODE_GOOD;
if(cert.raw.len != cc->remoteCertificate.raw.len ||
memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
return UA_STATUSCODE_GOOD;
mbedtls_x509_crt_free(&cert);
return retval;
}
static void
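Review bot: The early return in the `if(mbedErr) { UA_LOG_MBEDERR; return UA_STATUSCODE_BADSECURITYCHECKSFAILED; }` branch still exits without calling `mbedtls_x509_crt_free(&cert)`, so the cleanup added here covers only the comparison path. The certificate bytes come from the remote side, and whether a failed `mbedtls_x509_crt_parse` leaves anything allocated depends on the mbedTLS version and input format; freeing an initialised `cert` is safe either way. Adding `mbedtls_x509_crt_free(&cert);` before that return, or setting `retval` and falling through to the single free at the end, would close the gap. The same applies to the matching branch in channelContext_compareCertificate_sp_basic256sha256 in the second file. This page has lost its +/- markers, so which lines are new is inferred from the text, and the function starts above the hunk.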


@ -742,15 +742,18 @@ channelContext_compareCertificate_sp_basic256sha256(const Basic256Sha256_Channel
mbedtls_x509_crt cert;
mbedtls_x509_crt_init(&cert);
int mbedErr = mbedtls_x509_crt_parse(&cert, certificate->data, certificate->length);
UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
if(cert.raw.len != cc->remoteCertificate.raw.len)
if(mbedErr) {
UA_LOG_MBEDERR;
return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
}
if(memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
UA_StatusCode retval = UA_STATUSCODE_GOOD;
if(cert.raw.len != cc->remoteCertificate.raw.len ||
memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
return UA_STATUSCODE_GOOD;
mbedtls_x509_crt_free(&cert);
return retval;
}
static void