www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

* modules/ssl/ssl_engine_vars.c (ssl_get_tls_cb): Fix leak of X509

Browse Source 
struct when accessing SERVER_TLS_SERVER_END_POINT.

PR: 64264


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1875647 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Joe Orton
2020-03-25 15:13:06 +00:00
parent 7a5c965675
commit 6b26b54999
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
modules/ssl/ssl_engine_vars.c
View File

@@ -102,6 +102,9 @@ static apr_status_t ssl_get_tls_cb(apr_pool_t *p, conn_rec *c, const char *type,
}
else if (strcEQ(type, "SERVER_TLS_SERVER_END_POINT")) {
x = SSL_get_certificate(sslconn->ssl);
/* Increase refcount so X509_free below works for both client
* and server cases. */
if (x) X509_up_ref(x);
}
else if (strcEQ(type, "CLIENT_TLS_SERVER_END_POINT")) {
x = SSL_get_peer_certificate(sslconn->ssl);
@@ -130,6 +133,8 @@ static apr_status_t ssl_get_tls_cb(apr_pool_t *p, conn_rec *c, const char *type,
preflen = sizeof(TLS_SERVER_END_POINT_PREFIX) - 1;
prefix = TLS_SERVER_END_POINT_PREFIX;
data = cb;
X509_free(x);
}
else {
return APR_EGENERAL;