httpd-cvs mailing list archives

From traw...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c ssl_engine_vars.c ssl_toolkit_compat.h
Date Fri, 25 Oct 2002 21:44:29 GMT
trawick     2002/10/25 14:44:28

  Modified:    .        CHANGES
               modules/ssl ssl_engine_kernel.c ssl_engine_vars.c
                        ssl_toolkit_compat.h
  Log:
  mod_ssl uses free() inappropriately in several places, to free
  memory which has been previously allocated inside OpenSSL.
  Such memory should be freed with OPENSSL_free(), not with free().
  
  Submitted by: Nadav Har'El <nyh@math.technion.ac.il>,
                Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
  Reviewed by:  Jeff Trawick
  
  Revision  Changes    Path
  1.964     +6 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.963
  retrieving revision 1.964
  diff -u -r1.963 -r1.964
  --- CHANGES	25 Oct 2002 16:27:37 -0000	1.963
  +++ CHANGES	25 Oct 2002 21:44:28 -0000	1.964
  @@ -1,5 +1,11 @@
   Changes with Apache 2.0.44
   
  +  *) mod_ssl uses free() inappropriately in several places, to free
  +     memory which has been previously allocated inside OpenSSL.
  +     Such memory should be freed with OPENSSL_free(), not with free().
  +     [Nadav Har'El <nyh@math.technion.ac.il>,
  +      Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>].
  +
     *) Emit a message to the error log when we return 404 because
        the URI contained '%2f'.  (This was previously nastily silent
        and difficult to debug.)  [Ken Coar]
  
  
  
  1.79      +5 -4      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.78
  retrieving revision 1.79
  diff -u -r1.78 -r1.79
  --- ssl_engine_kernel.c	14 Oct 2002 04:15:58 -0000	1.78
  +++ ssl_engine_kernel.c	25 Oct 2002 21:44:28 -0000	1.79
  @@ -968,7 +968,7 @@
           X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
           char *cp = X509_NAME_oneline(name, NULL, 0);
           sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
  -        free(cp);
  +        modssl_free(cp);
       }
   
       clientdn = (char *)sslconn->client_dn;
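Review bot: `cp` is handed to `modssl_free()` without a NULL test here, while the second hunk of this file keeps its `if (sname)` / `if (iname)` guards around the same call. `X509_NAME_oneline(name, NULL, 0)` returns NULL when its internal allocation fails, and whether `OPENSSL_free(NULL)` is harmless depends on the OpenSSL release and on any allocator installed through `CRYPTO_set_mem_functions()`. For consistency I would write `if (cp) { modssl_free(cp); }` here, and likewise at the added `modssl_free(dn);` in the last hunk of this file and at both `modssl_free(cp);` lines in ssl_engine_vars.c. The enclosing function starts and ends outside the hunk.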
  @@ -1299,11 +1299,11 @@
                        iname ? iname : "-unknown-");
   
           if (sname) {
  -            free(sname);
  +            modssl_free(sname);
           }
   
           if (iname) {
  -            free(iname);
  +            modssl_free(iname);
           }
       }
   
  @@ -1555,7 +1555,7 @@
                                    "Certificate with serial %ld (0x%lX) "
                                    "revoked per CRL from issuer %s",
                                    serial, serial, cp);
  -                    free(cp);
  +                    modssl_free(cp);
                   }
   
                   X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
  @@ -1593,6 +1593,7 @@
       ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                    SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s", 
                    sc->vhost_id, msg, dn ? dn : "-uknown-");
  +    modssl_free(dn);
   }
   
   /*
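Review bot: The added `modssl_free(dn);` is a new release rather than a `free()` replacement, so it closes a leak that the log message does not mention, and the allocation of `dn` is outside the hunk. Its placement after `ap_log_error()` matches the last visible use of `dn`. A comment such as `/* dn was allocated by the SSL toolkit; release it with the toolkit's allocator */` would record why plain `free()` is not used, assuming `dn` comes from `X509_NAME_oneline()` as in the other hunks. The context string `"-uknown-"` also looks like a typo for the `"-unknown-"` used in the second hunk.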
  
  
  
  1.21      +2 -2      httpd-2.0/modules/ssl/ssl_engine_vars.c
  
  Index: ssl_engine_vars.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- ssl_engine_vars.c	28 May 2002 21:47:31 -0000	1.20
  +++ ssl_engine_vars.c	25 Oct 2002 21:44:28 -0000	1.21
  @@ -334,7 +334,7 @@
           xsname = X509_get_subject_name(xs);
           cp = X509_NAME_oneline(xsname, NULL, 0);
           result = apr_pstrdup(p, cp);
  -        free(cp);
  +        modssl_free(cp);
           resdup = FALSE;
       }
       else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
  @@ -346,7 +346,7 @@
           xsname = X509_get_issuer_name(xs);
           cp = X509_NAME_oneline(xsname, NULL, 0);
           result = apr_pstrdup(p, cp);
  -        free(cp);
  +        modssl_free(cp);
           resdup = FALSE;
       }
       else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
  
  
  
  1.26      +4 -0      httpd-2.0/modules/ssl/ssl_toolkit_compat.h
  
  Index: ssl_toolkit_compat.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_toolkit_compat.h,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- ssl_toolkit_compat.h	21 Aug 2002 19:12:46 -0000	1.25
  +++ ssl_toolkit_compat.h	25 Oct 2002 21:44:28 -0000	1.26
  @@ -105,6 +105,8 @@
   
   #define modssl_set_cipher_list SSL_set_cipher_list
   
  +#define modssl_free OPENSSL_free
  +
   #define EVP_PKEY_reference_inc(pkey) \
      CRYPTO_add(&((pkey)->references), +1, CRYPTO_LOCK_X509_PKEY)
   
  @@ -147,6 +149,8 @@
   
   #define modssl_set_cipher_list(ssl, l) \
      SSL_set_cipher_list(ssl, (char *)l)
  +
  +#define modssl_free free
   
   #ifndef PEM_F_DEF_CALLBACK
   #define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
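Review bot: Neither `modssl_free` definition carries a comment saying why the wrapper exists, and the one added in this hunk, `#define modssl_free free`, keeps plain `free()` for the other toolkit branch. Releasing library-allocated memory with a different allocator can corrupt the heap when the library is built against another C runtime or has custom memory functions installed, so the pairing rule is worth stating next to the macro. I would add `/* release memory returned by the SSL toolkit, e.g. X509_NAME_oneline(name, NULL, 0); never pass such pointers to free() directly */` above the `#define modssl_free OPENSSL_free` in the previous hunk, and a line here noting that this toolkit is assumed to allocate with the C library's malloc(). The preprocessor conditions selecting the two branches are outside both hunks, so that assumption cannot be confirmed from the diff.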
  
  
  
