diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2022-08-12 13:19:03 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-08-12 13:19:03 +0000 |
commit | e1599dbcbe073680d106f2f2027475a3fb3ac331 (patch) | |
tree | a49e0639f0ded84a1d31d9f332c44ab959b9074b /usr.sbin/rpki-client | |
parent | 5bf53e5aa5dd395dedc99ce6fd1d8a7d0a05316e (diff) |
No need to make a deep copy of the EE cert
The EE Cert has just been allocated as part of deserializing the cms.
There is no need for an expensive copy, we can just keep a reference.
ok job
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r-- | usr.sbin/rpki-client/cms.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c index ba1127fe1a4..ed5e2bf8b72 100644 --- a/usr.sbin/rpki-client/cms.c +++ b/usr.sbin/rpki-client/cms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.c,v 1.20 2022/05/31 18:41:43 tb Exp $ */ +/* $OpenBSD: cms.c,v 1.21 2022/08/12 13:19:02 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -222,7 +222,11 @@ cms_parse_validate(X509 **xp, const char *fn, const unsigned char *der, "want 1 signer, have %d", fn, sk_X509_num(certs)); goto out; } - *xp = X509_dup(sk_X509_value(certs, 0)); + *xp = sk_X509_value(certs, 0); + if (!X509_up_ref(*xp)) { + *xp = NULL; + goto out; + } /* Cache X509v3 extensions, see X509_check_ca(3). */ if (X509_check_purpose(*xp, -1, -1) <= 0) { |