plug leak in ssl_init_FindCAList() where return value of

X509_NAME_oneline() used for trace logging was not freed. now passes in a static buffer so no buffer is malloced. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93633 13f79535-47bb-0310-9956-ffa450edef68
2025-07-30 20:03:10 +03:00 · 2002-02-28 04:59:07 +00:00
parent 161b60fcff
commit 2ed45ef1b1
1 changed files with 2 additions and 1 deletions
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@ -856,11 +856,12 @@ static void ssl_init_PushCAList(STACK_OF(X509_NAME) *skCAList,
    sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(file);

    for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
+        char name_buf[256];
        X509_NAME *name = sk_X509_NAME_value(sk, n);

        ssl_log(s, SSL_LOG_TRACE,
                "CA certificate: %s",
-                X509_NAME_oneline(name, NULL, 0));
+                X509_NAME_oneline(name, name_buf, sizeof(name_buf)));

        if (sk_X509_NAME_find(skCAList, name) < 0) {
            /* this will be freed when skCAList is */