From 2ed45ef1b1e1134561a5712a365da1f48e328b16 Mon Sep 17 00:00:00 2001
From: Doug MacEachern <dougm@apache.org>
Date: Thu, 28 Feb 2002 04:59:07 +0000
Subject: [PATCH] plug leak in ssl_init_FindCAList() where return value of
 X509_NAME_oneline() used for trace logging was not freed. now passes in a
 static buffer so no buffer is malloced.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93633 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_init.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index c726254633..4107a891e6 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -856,11 +856,12 @@ static void ssl_init_PushCAList(STACK_OF(X509_NAME) *skCAList,
     sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(file);
 
     for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
+        char name_buf[256];
         X509_NAME *name = sk_X509_NAME_value(sk, n);
 
         ssl_log(s, SSL_LOG_TRACE,
                 "CA certificate: %s",
-                X509_NAME_oneline(name, NULL, 0));
+                X509_NAME_oneline(name, name_buf, sizeof(name_buf)));
 
         if (sk_X509_NAME_find(skCAList, name) < 0) {
             /* this will be freed when skCAList is */
-- 
2.50.1