fixes for memory and error status leaks in parse cert
astitt-ripple committed Feb 17, 2017
1 parent 9584ed4 commit 8b34a62
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions src/x509.cc
Expand Up @@ -134,6 +134,7 @@ NAN_METHOD(get_altnames) {
Local<Value> key = Nan::New<String>("altNames").ToLocalChecked();
info.GetReturnValue().Set(
Nan::Get(exports, key).ToLocalChecked());
ERR_clear_error();
}

NAN_METHOD(get_subject) {
Expand All @@ -146,6 +147,7 @@ NAN_METHOD(get_subject) {
Local<Value> key = Nan::New<String>("subject").ToLocalChecked();
info.GetReturnValue().Set(
Nan::Get(exports, key).ToLocalChecked());
ERR_clear_error();
}

NAN_METHOD(get_issuer) {
Expand All @@ -158,6 +160,7 @@ NAN_METHOD(get_issuer) {
Local<Value> key = Nan::New<String>("issuer").ToLocalChecked();
info.GetReturnValue().Set(
Nan::Get(exports, key).ToLocalChecked());
ERR_clear_error();
}

NAN_METHOD(parse_cert) {
Expand All @@ -168,6 +171,7 @@ NAN_METHOD(parse_cert) {
}
Local<Object> exports(try_parse(parsed_arg)->ToObject());
info.GetReturnValue().Set(exports);
ERR_clear_error();
}

/*
Expand Down Expand Up @@ -198,11 +202,13 @@ Local<Value> try_parse(const std::string& dataString) {
cert = PEM_read_bio_X509(bio, NULL, 0, NULL);

if (cert == NULL) {
BIO_free_all(bio);
// Switch to file BIO
bio = BIO_new(BIO_s_file());

// If raw read fails, try reading the input as a filename.
if (!BIO_read_filename(bio, data)) {
ERR_clear_error();
Nan::ThrowError("File doesn't exist.");
BIO_free(bio);
return scope.Escape(exports);
Expand All @@ -212,6 +218,7 @@ Local<Value> try_parse(const std::string& dataString) {
cert = PEM_read_bio_X509(bio, NULL, 0, NULL);

if (cert == NULL) {
ERR_clear_error();
Nan::ThrowError("Unable to parse certificate.");
BIO_free(bio);
return scope.Escape(exports);
Expand Down Expand Up @@ -247,6 +254,7 @@ Local<Value> try_parse(const std::string& dataString) {
// Signature Algorithm
int sig_alg_nid = OBJ_obj2nid(cert->sig_alg->algorithm);
if (sig_alg_nid == NID_undef) {
ERR_clear_error();
Nan::ThrowError("unable to find specified signature algorithm name.");
X509_free(cert);
BIO_free(bio);
Expand Down Expand Up @@ -281,6 +289,7 @@ Local<Value> try_parse(const std::string& dataString) {
// public key
int pkey_nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
if (pkey_nid == NID_undef) {
ERR_clear_error();
Nan::ThrowError("unable to find specified public key algorithm name.");
X509_free(cert);
BIO_free(bio);
Expand All @@ -303,9 +312,11 @@ Local<Value> try_parse(const std::string& dataString) {
Nan::Set(publicKey,
Nan::New<String>("e").ToLocalChecked(),
Nan::New<String>(rsa_e_dec).ToLocalChecked());
OPENSSL_free(rsa_e_dec);
Nan::Set(publicKey,
Nan::New<String>("n").ToLocalChecked(),
Nan::New<String>(rsa_n_hex).ToLocalChecked());
OPENSSL_free(rsa_n_hex);
Nan::Set(publicKey,
Nan::New<String>("bitSize").ToLocalChecked(),
Nan::New<Uint32>(rsa_key_length_int));
Expand All @@ -329,6 +340,7 @@ Local<Value> try_parse(const std::string& dataString) {
char *name = (char*) ASN1_STRING_data(current->d.dNSName);

if (ASN1_STRING_length(current->d.dNSName) != (int) strlen(name)) {
ERR_clear_error();
Nan::ThrowError("Malformed alternative names field.");
X509_free(cert);
BIO_free(bio);
Expand All @@ -337,6 +349,7 @@ Local<Value> try_parse(const std::string& dataString) {
Nan::Set(altNames, i, Nan::New<String>(name).ToLocalChecked());
}
}
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
}
Nan::Set(exports, Nan::New<String>("altNames").ToLocalChecked(), altNames);

Expand Down Expand Up @@ -395,6 +408,7 @@ Local<Value> try_parse(const std::string& dataString) {
Nan::Set(exports,
Nan::New<String>("extensions").ToLocalChecked(), extensions);

ERR_clear_error();
X509_free(cert);
BIO_free(bio);
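Review bot: The early return after `Nan::ThrowError("Malformed alternative names field.")` still appears to leak the `names` stack, because the `sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);` call sits after the loop and is only reached when every dNSName passes the length check. That branch is the embedded-NUL guard, so it is reachable from certificate content the caller does not control, and each rejected input would leave the GENERAL_NAMES allocation behind. Add `sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);` next to the `X509_free(cert);` in that branch. The branch's return statement and the rest of try_parse lie outside the visible hunks, so confirm nothing further down already frees it.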

