lockdown: fix possible invalid free in GnuTLS cert generation code

1 files changed, 3 insertions, 3 deletions

diff --git a/src/lockdown.c b/src/lockdown.c
index 690ab56..ed91e9d 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -1420,6 +1420,9 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
                 gnutls_x509_crt_t dev_cert, root_cert, host_cert;
 
                 gnutls_x509_privkey_init(&fake_privkey);
+                gnutls_x509_privkey_init(&root_privkey);
+                gnutls_x509_privkey_init(&host_privkey);
+
                 gnutls_x509_crt_init(&dev_cert);
                 gnutls_x509_crt_init(&root_cert);
                 gnutls_x509_crt_init(&host_cert);
@@ -1428,9 +1431,6 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
                         gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null,
                                                                                            &essentially_null, &essentially_null)) {
 
-                        gnutls_x509_privkey_init(&root_privkey);
-                        gnutls_x509_privkey_init(&host_privkey);
-
                         uret = userpref_device_record_get_keys_and_certs(udid, root_privkey, root_cert, host_privkey, host_cert);
 
                         if (USERPREF_E_SUCCESS == uret) {