www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Close several small leaks in SSL.

Browse Source 
Submitted by: Zvi Har'El <rl@math.technion.ac.il>
Reviewed by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97340 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
William A. Rowe Jr
2002-10-29 03:52:22 +00:00
parent 1129d24efb
commit 84a5feff3b
3 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/ssl/mod_ssl.c
View File

@@ -531,6 +531,7 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
if ((cert = SSL_get_peer_certificate(filter->pssl))) {
sslconn->client_cert = cert;
sslconn->client_dn = NULL;
X509_free(cert);
}
/*

16
modules/ssl/ssl_engine_kernel.c
View File

@@ -545,9 +545,10 @@ int ssl_hook_Access(request_rec *r)
if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
(verify_old == SSL_VERIFY_NONE) &&
SSL_get_peer_certificate(ssl))
((cert = SSL_get_peer_certificate(ssl)) != NULL))
{
renegotiate_quick = TRUE;
X509_free(cert);
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
@@ -817,6 +818,7 @@ int ssl_hook_Access(request_rec *r)
if ((cert = SSL_get_peer_certificate(ssl))) {
sslconn->client_cert = cert;
sslconn->client_dn = NULL;
X509_free(cert);
}
/*
@@ -833,7 +835,8 @@ int ssl_hook_Access(request_rec *r)
return HTTP_FORBIDDEN;
}
if (do_verify && !SSL_get_peer_certificate(ssl)) {
if (do_verify &&
((cert = SSL_get_peer_certificate(ssl)) == NULL)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation handshake failed: "
"Client certificate missing");
@@ -1399,6 +1402,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
X509_NAME *subject, *issuer;
X509 *cert;
X509_CRL *crl;
EVP_PKEY *pubkey;
int i, n, rc;
/*
@@ -1485,16 +1489,22 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
/*
* Verify the signature on this CRL
*/
if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) {
pubkey = X509_get_pubkey(cert);
if (X509_CRL_verify(crl, pubkey) <= 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Invalid signature on CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
X509_OBJECT_free_contents(&obj);
if (pubkey)
EVP_PKEY_free(pubkey);
return FALSE;
}
if (pubkey)
EVP_PKEY_free(pubkey);
/*
* Check date of CRL to make sure it's not expired
*/

7
modules/ssl/ssl_engine_vars.c
View File

@@ -296,8 +296,10 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
result = ssl_var_lookup_ssl_cert_verify(p, c);
}
else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
if ((xs = SSL_get_peer_certificate(ssl)) != NULL)
if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
result = ssl_var_lookup_ssl_cert(p, xs, var+7);
X509_free(xs);
}
}
else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
if ((xs = SSL_get_certificate(ssl)) != NULL)
@@ -536,6 +538,9 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
else
/* client verification failed */
result = apr_psprintf(p, "FAILED:%s", verr);
if (xs)
X509_free(xs);
return result;
}