Fix memory leak in mod_ssl from internal SSL library allocations

within SSL_get_peer_certificate and X509_get_pubkey. Submitted by: Zvi Har'El <rl@math.technion.ac.il> Reviewed by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97344 13f79535-47bb-0310-9956-ffa450edef68
2025-08-07 04:02:58 +03:00 · 2002-10-29 21:12:34 +00:00
parent 7687370549
commit ac212ecc65
2 changed files with 6 additions and 0 deletions
--- a/5
+++ b/5
@@ -1,5 +1,10 @@
 Changes with Apache 2.0.44

+  *) Fix memory leak in mod_ssl from internal SSL library allocations
+     within SSL_get_peer_certificate and X509_get_pubkey.
+     [Zvi Har'El <rl@math.technion.ac.il>
+      Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>].
+
  *) mod_ssl uses free() inappropriately in several places, to free
     memory which has been previously allocated inside OpenSSL.
     Such memory should be freed with OPENSSL_free(), not with free().
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -807,6 +807,7 @@ static int ssl_server_import_key(server_rec *s,
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                    "Copying DSA parameters from private key to certificate");
            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            EVP_PKEY_free(pubkey);
        }
    }