mod_ssl uses free() inappropriately in several places, to free

memory which has been previously allocated inside OpenSSL. Such memory should be freed with OPENSSL_free(), not with free(). Submitted by: Nadav Har'El <nyh@math.technion.ac.il>, Madhusudan Mathihalli <madhusudan_mathihalli@hp.com> Reviewed by: Jeff Trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97307 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2002-10-25 21:44:28 +00:00
parent 20ea80fcd9
commit 8a0bef5873
4 changed files with 17 additions and 6 deletions
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -334,7 +334,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, X509 *xs, char *var)
        xsname = X509_get_subject_name(xs);
        cp = X509_NAME_oneline(xsname, NULL, 0);
        result = apr_pstrdup(p, cp);
-        free(cp);
+        modssl_free(cp);
        resdup = FALSE;
    }
    else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
@@ -346,7 +346,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, X509 *xs, char *var)
        xsname = X509_get_issuer_name(xs);
        cp = X509_NAME_oneline(xsname, NULL, 0);
        result = apr_pstrdup(p, cp);
-        free(cp);
+        modssl_free(cp);
        resdup = FALSE;
    }
    else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {