[PATCH] Don't crash if gnutls_x509_crt_list_import() fails

On error, gnutls_x509_crt_list_import() deinitializes any certificates
that it loaded (this isn't documented, of course, but see [1]). However,
we're also deinitializing them in the error handling case, resulting in
a double-free. Set nr_extra_certs to zero in that case so that we don't
crash.

1: https://gitlab.com/gnutls/gnutls/blob/gnutls_3_6_9/lib/x509/x509.c#L3864

Signed-off-by: Omar Sandoval <osandov@xxxxxxxxxxx>
---
 gnutls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gnutls.c b/gnutls.c
index 4f915d62..4a000af9 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -1082,6 +1082,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("Loading certificate failed: %s\n"),
 			     reason);
+		nr_extra_certs = 0;
 		ret = -EINVAL;
 		goto out;
 	}
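Review bot: the added `nr_extra_certs = 0;` in the "Loading certificate failed" branch carries no comment, yet its correctness rests on behaviour the commit message itself describes as undocumented: that gnutls_x509_crt_list_import() has already deinitialized the certificates it loaded by the time it returns an error. Put a one-line comment above the assignment saying so (with the GnuTLS version the behaviour was checked against), otherwise a later reader may remove it as a stray reset and reintroduce the double-free. It is also worth confirming that every failure routed to this branch comes from that import call; if any other path reaches it with live entries still in the array, zeroing the count would make the cleanup after `goto out;` skip them and leak them. A leak is a safer failure mode than a double-free, but the choice should be deliberate and stated.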
-- 
2.23.0


_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel