mbedtls: only free crt_parse when something came back

Mbedtls mbedtls_x509_crt_parse() returns 0 for success which is good. But it has a complicated idea about what to return on fail... if it couldn't make even one cert from the data, then it returns a negative return indicating the parsing problem and there is nothing to free. If it managed to parse at least one cert, instead it retuns a positive number indicating the number of certs it didn't parse successfully, and there is something to free. Adapt the code to understand this quirk.
2025-03-30 00:00:16 +01:00 · 2020-07-09 13:57:11 +01:00 · 2020-07-09 13:57:11 +01:00 · 6b3221ffc1
commit 6b3221ffc1
parent 73424ae66a
1 changed files with 2 additions and 1 deletions
--- a/lib/tls/mbedtls/mbedtls-x509.c
+++ b/lib/tls/mbedtls/mbedtls-x509.c
@ -240,7 +240,8 @@ lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len)

 	ret = mbedtls_x509_crt_parse(&x509->cert, pem, len);
 	if (ret) {
-		mbedtls_x509_crt_free(&x509->cert);
+		if (ret > 0)
+			mbedtls_x509_crt_free(&x509->cert);
 		lwsl_err("%s: unable to parse PEM cert: -0x%x\n",
 			 __func__, -ret);