From 067c217ce430dac1c45ea6d2d63df71e54714d73 Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Sat, 5 Apr 2003 19:04:44 +0000 Subject: [PATCH] Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to all assignments and the final SSL_free(), free ssl_conn->client_cert to avoid leaks of this refcounted X509*. Prereleasing refcounted objects is unsafe programming; fix applied to both branches. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99252 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_engine_io.c | 8 +++++++- modules/ssl/ssl_engine_kernel.c | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 1b44d1f346..2bf7221d5b 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -995,6 +995,10 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, } /* deallocate the SSL connection */ + if (sslconn->client_cert) { + X509_free(sslconn->client_cert); + sslconn->client_cert = NULL; + } SSL_free(ssl); sslconn->ssl = NULL; filter_ctx->pssl = NULL; /* so filters know we've been shutdown */ @@ -1161,9 +1165,11 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx) * Remember the peer certificate's DN */ if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) { + if (sslconn->client_cert) { + X509_free(sslconn->client_cert); + } sslconn->client_cert = cert; sslconn->client_dn = NULL; - X509_free(cert); } /* diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index dfcd5e5f59..831c3a2aaa 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -728,6 +728,9 @@ int ssl_hook_Access(request_rec *r) * Remember the peer certificate's DN */ if ((cert = SSL_get_peer_certificate(ssl))) { + if (sslconn->client_cert) { + X509_free(sslconn->client_cert); + } sslconn->client_cert = cert; sslconn->client_dn = NULL; } @@ -1276,8 +1279,11 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) "Certificate Verification: Error (%d): %s", errnum, X509_verify_cert_error_string(errnum)); + if (sslconn->client_cert) { + X509_free(sslconn->client_cert); + sslconn->client_cert = NULL; + } sslconn->client_dn = NULL; - sslconn->client_cert = NULL; sslconn->verify_error = X509_verify_cert_error_string(errnum); } -- 2.50.1