activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tab...@apache.org
Subject activemq-cpp git commit: AMQCPP-623 AMQCPP-622 Fix OpenSSL issues
Date Mon, 22 Jan 2018 22:03:40 GMT
Repository: activemq-cpp
Updated Branches:
  refs/heads/master 4d010e12f -> 46db7293d


AMQCPP-623 AMQCPP-622 Fix OpenSSL issues

Fix possible memory leak and address issues with build on newer
releases.
(cherry picked from commit 0eb4320503f34d90f2668211486e97974f926918)


Project: http://git-wip-us.apache.org/repos/asf/activemq-cpp/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-cpp/commit/46db7293
Tree: http://git-wip-us.apache.org/repos/asf/activemq-cpp/tree/46db7293
Diff: http://git-wip-us.apache.org/repos/asf/activemq-cpp/diff/46db7293

Branch: refs/heads/master
Commit: 46db7293dc0dbebc7efdb39a20c1ea26da48bc53
Parents: 4d010e1
Author: Timothy Bish <tabish121@gmail.com>
Authored: Mon Jan 22 17:03:04 2018 -0500
Committer: Timothy Bish <tabish121@gmail.com>
Committed: Mon Jan 22 17:03:35 2018 -0500

----------------------------------------------------------------------
 .../internal/net/ssl/openssl/OpenSSLSocket.cpp  | 35 ++++++++++++++------
 1 file changed, 25 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-cpp/blob/46db7293/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
----------------------------------------------------------------------
diff --git a/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp b/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
index aedd2d4..ffa39c7 100644
--- a/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
+++ b/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
@@ -658,28 +658,43 @@ void OpenSSLSocket::verifyServerCert(const std::string& serverName)
{
         const char* extensionName = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
 
         if (StringUtils::compare("subjectAltName", extensionName) == 0) {
-
             X509V3_EXT_METHOD* method = (X509V3_EXT_METHOD*) X509V3_EXT_get(extension);
             if (method == NULL) {
                 break;
             }
 
-            const unsigned char* data = extension->value->data;
-            STACK_OF(CONF_VALUE)* confValue = method->i2v(method,
-                    method->it ?
-                            ASN1_item_d2i(NULL, &data, extension->value->length,
ASN1_ITEM_ptr(method->it)) :
-                            method->d2i(NULL, &data, extension->value->length),
NULL);
+            bool found = false;
+            const unsigned char* data = ASN1_STRING_data(X509_EXTENSION_get_data(extension));
+            long length = ASN1_STRING_length(X509_EXTENSION_get_data(extension));
+            void* ext_data;
+
+            if (method->it) {
+                ext_data = ASN1_item_d2i(NULL, &data, length, ASN1_ITEM_ptr(method->it));
+            } else {
+                ext_data = method->d2i(NULL, &data, length);
+            }
+            STACK_OF(CONF_VALUE)* confValue = method->i2v(method, ext_data, NULL);
 
             CONF_VALUE* value = NULL;
 
             for (int iy = 0; iy < sk_CONF_VALUE_num( confValue ); iy++) {
-                value = sk_CONF_VALUE_value( confValue, iy );
+                value = sk_CONF_VALUE_value(confValue, iy);
                 if ((StringUtils::compare(value->name, "DNS") == 0) && StringUtils::compare(value->value,
serverName.c_str()) == 0) {
-
-                    // Found it.
-                    return;
+                    found = true;
+                    break;
                 }
             }
+
+            sk_CONF_VALUE_pop_free(confValue, X509V3_conf_free);
+            if (method->it) {
+                ASN1_item_free((ASN1_VALUE*)ext_data, ASN1_ITEM_ptr(method->it));
+            } else {
+                method->ext_free(ext_data);
+            }
+
+            if (found) {
+                return;
+            }
         }
     }
 


Mime
View raw message