Close several small leaks in SSL.

Submitted by: Zvi Har'El <rl@math.technion.ac.il>
Reviewed by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97340 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/mod_ssl.c

@@ -531,6 +531,7 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
         if ((cert = SSL_get_peer_certificate(filter->pssl))) {
             sslconn->client_cert = cert;
             sslconn->client_dn = NULL;
+            X509_free(cert);
         }
 
         /*

modules/ssl/ssl_engine_kernel.c

@@ -545,9 +545,10 @@ int ssl_hook_Access(request_rec *r)
 
                 if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
                     (verify_old == SSL_VERIFY_NONE) &&
-                    SSL_get_peer_certificate(ssl))
+                    ((cert = SSL_get_peer_certificate(ssl)) != NULL))
                 {
                     renegotiate_quick = TRUE;
+                    X509_free(cert);
                 }
 
                 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
@@ -817,6 +818,7 @@ int ssl_hook_Access(request_rec *r)
         if ((cert = SSL_get_peer_certificate(ssl))) {
             sslconn->client_cert = cert;
             sslconn->client_dn = NULL;
+            X509_free(cert);
         }
 
         /*
@@ -833,7 +835,8 @@ int ssl_hook_Access(request_rec *r)
                 return HTTP_FORBIDDEN;
             }
 
-            if (do_verify && !SSL_get_peer_certificate(ssl)) {
+            if (do_verify &&
+                ((cert = SSL_get_peer_certificate(ssl)) == NULL)) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                              "Re-negotiation handshake failed: "
                              "Client certificate missing");
@@ -1399,6 +1402,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
     X509_NAME *subject, *issuer;
     X509 *cert;
     X509_CRL *crl;
+    EVP_PKEY *pubkey;
     int i, n, rc;
 
     /*
@@ -1485,16 +1489,22 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
         /*
          * Verify the signature on this CRL
          */
-        if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) {
+        pubkey = X509_get_pubkey(cert);
+        if (X509_CRL_verify(crl, pubkey) <= 0) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
                          "Invalid signature on CRL");
 
             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
             X509_OBJECT_free_contents(&obj);
+            if (pubkey)
+                EVP_PKEY_free(pubkey);
 
             return FALSE;
         }
 
+        if (pubkey)
+            EVP_PKEY_free(pubkey);
+
         /*
          * Check date of CRL to make sure it's not expired
          */

modules/ssl/ssl_engine_vars.c

@@ -296,8 +296,10 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
         result = ssl_var_lookup_ssl_cert_verify(p, c);
     }
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
-        if ((xs = SSL_get_peer_certificate(ssl)) != NULL)
+        if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
             result = ssl_var_lookup_ssl_cert(p, xs, var+7);
+            X509_free(xs);
+        }
     }
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
         if ((xs = SSL_get_certificate(ssl)) != NULL)
@@ -536,6 +538,9 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
     else
         /* client verification failed */
         result = apr_psprintf(p, "FAILED:%s", verr);
+
+    if (xs)
+        X509_free(xs);
     return result;
 }