Return-Path: 
 <cvs-return-13709-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 43264 invoked by uid 500); 29 Oct 2002 21:12:37 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
list-post: <mailto:cvs@httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 43252 invoked by uid 500); 29 Oct 2002 21:12:36 -0000
Delivered-To: apmail-httpd-2.0-cvs@apache.org
Date: 29 Oct 2002 21:12:35 -0000
Message-ID: <20021029211235.66588.qmail@icarus.apache.org>
From: wrowe@apache.org
To: httpd-2.0-cvs@apache.org
Subject: cvs commit: httpd-2.0/modules/ssl ssl_engine_init.c
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

wrowe       2002/10/29 13:12:35

  Modified:    .        CHANGES
               modules/ssl ssl_engine_init.c
  Log:
    Fix memory leak in mod_ssl from internal SSL library allocations
    within SSL_get_peer_certificate and X509_get_pubkey.
  
  Submitted by:	Zvi Har'El <rl@math.technion.ac.il>
  Reviewed by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
  
  Revision  Changes    Path
  1.965     +5 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.964
  retrieving revision 1.965
  diff -u -r1.964 -r1.965
  --- CHANGES	25 Oct 2002 21:44:28 -0000	1.964
  +++ CHANGES	29 Oct 2002 21:12:33 -0000	1.965
  @@ -1,5 +1,10 @@
   Changes with Apache 2.0.44
   
  +  *) Fix memory leak in mod_ssl from internal SSL library allocations
  +     within SSL_get_peer_certificate and X509_get_pubkey.
  +     [Zvi Har'El <rl@math.technion.ac.il>
  +      Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>].
  +
     *) mod_ssl uses free() inappropriately in several places, to free
        memory which has been previously allocated inside OpenSSL.
        Such memory should be freed with OPENSSL_free(), not with free().
  
  
  
  1.105     +1 -0      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.104
  retrieving revision 1.105
  diff -u -r1.104 -r1.105
  --- ssl_engine_init.c	14 Oct 2002 04:15:58 -0000	1.104
  +++ ssl_engine_init.c	29 Oct 2002 21:12:34 -0000	1.105
  @@ -807,6 +807,7 @@
               ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                       "Copying DSA parameters from private key to certificate");
               ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
  +            EVP_PKEY_free(pubkey);
           }
       }