From 24a37ba75cc95fdd4382ada67197163a84b9cb8f Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 8 Nov 2013 19:57:23 +0100
Subject: lockdown: fix possible invalid free in GnuTLS cert generation code

---
 src/lockdown.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lockdown.c b/src/lockdown.c
index 690ab56..ed91e9d 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -1420,6 +1420,9 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
 		gnutls_x509_crt_t dev_cert, root_cert, host_cert;
 
 		gnutls_x509_privkey_init(&fake_privkey);
+		gnutls_x509_privkey_init(&root_privkey);
+		gnutls_x509_privkey_init(&host_privkey);
+
 		gnutls_x509_crt_init(&dev_cert);
 		gnutls_x509_crt_init(&root_cert);
 		gnutls_x509_crt_init(&host_cert);
@@ -1428,9 +1431,6 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
 			gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null,
 											   &essentially_null, &essentially_null)) {
 
-			gnutls_x509_privkey_init(&root_privkey);
-			gnutls_x509_privkey_init(&host_privkey);
-
 			uret = userpref_device_record_get_keys_and_certs(udid, root_privkey, root_cert, host_privkey, host_cert);
 
 			if (USERPREF_E_SUCCESS == uret) {
-- 
cgit v1.1-32-gdbae