Package: gnutls28 / 3.3.8-6+deb8u7

56_CVE-2017-7507_1-ext-status_request-ensure-response-IDs-are-pro.patch Patch series | download
From 9d95c912b5843e664c8210887a6719f02a9028be Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 24 May 2017 10:46:03 +0200
Subject: [PATCH 1/3] ext/status_request: ensure response IDs are properly
 deinitialized

That is, do not attempt to loop through the array if there is no array
allocated.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/ext/status_request.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 8cefc617e..1340dbbb5 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -68,7 +68,10 @@ typedef struct {
 
 static void deinit_responder_id(status_request_ext_st *priv)
 {
-unsigned i;
+	unsigned i;
+
+	if (priv->responder_id == NULL)
+		return;
 
 	for (i = 0; i < priv->responder_id_size; i++)
 		gnutls_free(priv->responder_id[i].data);
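Review bot: The new NULL guard in deinit_responder_id has no comment saying which state it protects against, and the early return leaves priv->responder_id_size as it was. The lines removed from server_recv show the count could be set while the array pointer was still NULL, so a comment above the check would record that, for example `/* responder_id may be NULL while responder_id_size is non-zero; never index the array in that state */`. The rest of the function lies outside this hunk; if it resets the count after freeing, the early-return path could do the same with `priv->responder_id_size = 0;` so pointer and count cannot disagree afterwards.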
@@ -134,6 +137,7 @@ server_recv(gnutls_session_t session,
 {
 	size_t i;
 	ssize_t data_size = size;
+	unsigned responder_ids = 0;
 
 	/* minimum message is type (1) + responder_id_list (2) +
 	   request_extension (2) = 5 */
@@ -152,23 +156,24 @@ server_recv(gnutls_session_t session,
 	DECR_LEN(data_size, 1);
 	data++;
 
-	priv->responder_id_size = _gnutls_read_uint16(data);
+	responder_ids = _gnutls_read_uint16(data);
 
 	DECR_LEN(data_size, 2);
 	data += 2;
 
-	if (data_size <= (ssize_t) (priv->responder_id_size * 2))
+	if (data_size <= (ssize_t) (responder_ids * 2))
 		return
 		    gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 
-	if (priv->responder_id != NULL)
-		deinit_responder_id(priv);
+	deinit_responder_id(priv);
 
-	priv->responder_id = gnutls_calloc(1, priv->responder_id_size
+	priv->responder_id = gnutls_calloc(1, responder_ids
 					   * sizeof(*priv->responder_id));
 	if (priv->responder_id == NULL)
 		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
+	priv->responder_id_size = responder_ids;
+
 	for (i = 0; i < priv->responder_id_size; i++) {
 		size_t l;
 
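Review bot: An empty responder_id_list (responder_ids == 0) passes the length check and then asks gnutls_calloc for zero bytes. Assuming gnutls_calloc forwards to the platform calloc, whether a zero-size request returns NULL is implementation-defined, so on some allocators a well-formed extension would be rejected with GNUTLS_E_MEMORY_ERROR. The failure check could exempt that case with `if (priv->responder_id == NULL && responder_ids != 0)`; responder_id_size then stays 0 and the loop is skipped. As a style point, `gnutls_calloc(responder_ids, sizeof(*priv->responder_id))` passes count and element size separately rather than multiplying first, although a 16-bit count cannot overflow here. server_recv starts and ends outside this hunk.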
-- 
2.11.0