www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to

Browse Source 
all assignments and the final SSL_free(), free ssl_conn->client_cert
  to avoid leaks of this refcounted X509*.  Prereleasing refcounted
  objects is unsafe programming; fix applied to both branches.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99252 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
William A. Rowe Jr
2003-04-05 19:04:44 +00:00
parent f2b610bc53
commit 067c217ce4
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/ssl/ssl_engine_io.c
View File

@@ -995,6 +995,10 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
} }
/* deallocate the SSL connection */ /* deallocate the SSL connection */
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
sslconn->client_cert = NULL;
}
SSL_free(ssl); SSL_free(ssl);
sslconn->ssl = NULL; sslconn->ssl = NULL;
filter_ctx->pssl = NULL; /* so filters know we've been shutdown */ filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
@@ -1161,9 +1165,11 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
* Remember the peer certificate's DN * Remember the peer certificate's DN
*/ */
if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) { if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
}
sslconn->client_cert = cert; sslconn->client_cert = cert;
sslconn->client_dn = NULL; sslconn->client_dn = NULL;
X509_free(cert);
} }
/* /*

8
modules/ssl/ssl_engine_kernel.c
View File

@@ -728,6 +728,9 @@ int ssl_hook_Access(request_rec *r)
* Remember the peer certificate's DN * Remember the peer certificate's DN
*/ */
if ((cert = SSL_get_peer_certificate(ssl))) { if ((cert = SSL_get_peer_certificate(ssl))) {
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
}
sslconn->client_cert = cert; sslconn->client_cert = cert;
sslconn->client_dn = NULL; sslconn->client_dn = NULL;
} }
@@ -1276,8 +1279,11 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
"Certificate Verification: Error (%d): %s", "Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum)); errnum, X509_verify_cert_error_string(errnum));
sslconn->client_dn = NULL; if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
sslconn->client_cert = NULL; sslconn->client_cert = NULL;
}
sslconn->client_dn = NULL;
sslconn->verify_error = X509_verify_cert_error_string(errnum); sslconn->verify_error = X509_verify_cert_error_string(errnum);
} }