summaryrefslogtreecommitdiff
path: root/usr.sbin/rpki-client
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2022-08-12 13:19:03 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2022-08-12 13:19:03 +0000
commite1599dbcbe073680d106f2f2027475a3fb3ac331 (patch)
treea49e0639f0ded84a1d31d9f332c44ab959b9074b /usr.sbin/rpki-client
parent5bf53e5aa5dd395dedc99ce6fd1d8a7d0a05316e (diff)
No need to make a deep copy of the EE cert
The EE Cert has just been allocated as part of deserializing the cms. There is no need for an expensive copy, we can just keep a reference. ok job
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r--usr.sbin/rpki-client/cms.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index ba1127fe1a4..ed5e2bf8b72 100644
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.20 2022/05/31 18:41:43 tb Exp $ */
+/* $OpenBSD: cms.c,v 1.21 2022/08/12 13:19:02 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -222,7 +222,11 @@ cms_parse_validate(X509 **xp, const char *fn, const unsigned char *der,
"want 1 signer, have %d", fn, sk_X509_num(certs));
goto out;
}
- *xp = X509_dup(sk_X509_value(certs, 0));
+ *xp = sk_X509_value(certs, 0);
+ if (!X509_up_ref(*xp)) {
+ *xp = NULL;
+ goto out;
+ }
/* Cache X509v3 extensions, see X509_check_ca(3). */
if (X509_check_purpose(*xp, -1, -1) <= 0) {