memory which has been previously allocated inside OpenSSL.
Such memory should be freed with OPENSSL_free(), not with free().
Submitted by: Nadav Har'El <nyh@math.technion.ac.il>,
Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by: Jeff Trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97307
13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 2.0.44
+ *) mod_ssl uses free() inappropriately in several places, to free
+ memory which has been previously allocated inside OpenSSL.
+ Such memory should be freed with OPENSSL_free(), not with free().
+ [Nadav Har'El <nyh@math.technion.ac.il>,
+ Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>].
+
*) Emit a message to the error log when we return 404 because
the URI contained '%2f'. (This was previously nastily silent
and difficult to debug.) [Ken Coar]
X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
char *cp = X509_NAME_oneline(name, NULL, 0);
sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
- free(cp);
+ modssl_free(cp);
}
clientdn = (char *)sslconn->client_dn;
iname ? iname : "-unknown-");
if (sname) {
- free(sname);
+ modssl_free(sname);
}
if (iname) {
- free(iname);
+ modssl_free(iname);
}
}
"Certificate with serial %ld (0x%lX) "
"revoked per CRL from issuer %s",
serial, serial, cp);
- free(cp);
+ modssl_free(cp);
}
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
sc->vhost_id, msg, dn ? dn : "-uknown-");
+ modssl_free(dn);
}
/*
xsname = X509_get_subject_name(xs);
cp = X509_NAME_oneline(xsname, NULL, 0);
result = apr_pstrdup(p, cp);
- free(cp);
+ modssl_free(cp);
resdup = FALSE;
}
else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
xsname = X509_get_issuer_name(xs);
cp = X509_NAME_oneline(xsname, NULL, 0);
result = apr_pstrdup(p, cp);
- free(cp);
+ modssl_free(cp);
resdup = FALSE;
}
else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
#define modssl_set_cipher_list SSL_set_cipher_list
+#define modssl_free OPENSSL_free
+
#define EVP_PKEY_reference_inc(pkey) \
CRYPTO_add(&((pkey)->references), +1, CRYPTO_LOCK_X509_PKEY)
#define modssl_set_cipher_list(ssl, l) \
SSL_set_cipher_list(ssl, (char *)l)
+#define modssl_free free
+
#ifndef PEM_F_DEF_CALLBACK
#define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
#endif
projects / apache / commitdiff