From f6b252e3a292e4b64dcac689d2285fb87933bafe Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Wed, 15 Apr 2020 12:25:27 +0000 Subject: [PATCH] mod_ssl: Fix memory leak in stapling code. PR63687. Free issuer's X509 in ssl_stapling_init_cert()'s early return paths. Submitted by: icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876548 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 2 ++ modules/ssl/ssl_util_stapling.c | 28 +++++++++++++++++----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 9c5f258877..245f399f41 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan Eissing] + *) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status codes. PR63628. [Martin Drößler ] diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c index 46a3971bac..a8e5d5d61b 100644 --- a/modules/ssl/ssl_util_stapling.c +++ b/modules/ssl/ssl_util_stapling.c @@ -130,6 +130,7 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, X509 *issuer = NULL; OCSP_CERTID *cid = NULL; STACK_OF(OPENSSL_STRING) *aia = NULL; + int rv = 1; /* until further notice */ if (x == NULL) return 0; @@ -154,16 +155,18 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, SSL_CTX_set_tlsext_status_cb(mctx->ssl_ctx, stapling_cb); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(10177) "OCSP stapling added via hook"); } - return 1; + goto cleanup; } if (mctx->stapling_enabled != TRUE) { /* mod_ssl's own implementation is not enabled */ - return 1; + goto cleanup; } - if (X509_digest(x, EVP_sha1(), idx, NULL) != 1) - return 0; + if (X509_digest(x, EVP_sha1(), idx, NULL) != 1) { + rv = 0; + goto cleanup; + } cinf = apr_hash_get(stapling_certinfo, idx, sizeof(idx)); if (cinf) { @@ -177,18 +180,18 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, APLOGNO(02814) "ssl_stapling_init_cert: no OCSP URI " "in certificate and no SSLStaplingForceURL " "configured for server %s", mctx->sc->vhost_id); - return 0; + rv = 0; } - return 1; + goto cleanup; } cid = OCSP_cert_to_id(NULL, x, issuer); - X509_free(issuer); if (!cid) { ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x, APLOGNO(02815) "ssl_stapling_init_cert: can't create CertID " "for OCSP request"); - return 0; + rv = 0; + goto cleanup; } aia = X509_get1_ocsp(x); @@ -197,7 +200,8 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x, APLOGNO(02218) "ssl_stapling_init_cert: no OCSP URI " "in certificate and no SSLStaplingForceURL set"); - return 0; + rv = 0; + goto cleanup; } /* At this point, we have determined that there's something to store */ @@ -218,8 +222,10 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, mctx->sc->vhost_id); apr_hash_set(stapling_certinfo, cinf->idx, sizeof(cinf->idx), cinf); - - return 1; + +cleanup: + X509_free(issuer); + return rv; } static certinfo *stapling_get_certinfo(server_rec *s, X509 *x, modssl_ctx_t *mctx,