From 6b26b549997657b656cc67a8a0dc58c74d732275 Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Wed, 25 Mar 2020 15:13:06 +0000
Subject: [PATCH] * modules/ssl/ssl_engine_vars.c (ssl_get_tls_cb): Fix leak of X509 struct when accessing SERVER_TLS_SERVER_END_POINT.
PR: 64264
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1875647 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_vars.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 6c04f798d3..cabf08170f 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -102,6 +102,9 @@ static apr_status_t ssl_get_tls_cb(apr_pool_t *p, conn_rec *c, const char *type,
 }
 else if (strcEQ(type, "SERVER_TLS_SERVER_END_POINT")) {
 x = SSL_get_certificate(sslconn->ssl);
+ /* Increase refcount so X509_free below works for both client
+ * and server cases. */
+ if (x) X509_up_ref(x);
 }
 else if (strcEQ(type, "CLIENT_TLS_SERVER_END_POINT")) {
 x = SSL_get_peer_certificate(sslconn->ssl);
@@ -130,6 +133,8 @@ static apr_status_t ssl_get_tls_cb(apr_pool_t *p, conn_rec *c, const char *type,
 preflen = sizeof(TLS_SERVER_END_POINT_PREFIX) - 1;
 prefix = TLS_SERVER_END_POINT_PREFIX;
 data = cb;
+
+ X509_free(x);
 }
 else {
 return APR_EGENERAL;
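Review bot: The return value of `X509_up_ref(x)` in the first hunk (the SERVER_TLS_SERVER_END_POINT branch) is ignored, while the second hunk frees `x` unconditionally. `SSL_get_certificate` hands back a pointer the SSL object still owns, so if the increment ever fails, the later `X509_free(x)` drops a reference this function never took and the server certificate could be released while the connection still uses it. Consider `if (x && !X509_up_ref(x)) { x = NULL; }`, provided the code between the hunks (not shown) handles a NULL `x`, or return `APR_EGENERAL` at that point. The one-line unbraced `if` is also worth bracing. The body of ssl_get_tls_cb starts and ends outside the hunk.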
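Review bot: The `X509_free(x)` added in the second hunk runs only when control reaches the end of this branch, and the code between the two hunks is not shown. If any early `return` sits between fetching the certificate and this call (a failed digest computation, for instance), the reference leaks on that path, now for the server case as well as the client case. It is worth confirming that every exit after `x` is assigned releases it, either by freeing before each error return or by routing through a single cleanup point. A comment above the call such as `/* x is an owned reference in both the client and server cases */` would make the pairing with the up_ref explicit.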