httpd-cvs mailing list archives

From wr...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c ssl_engine_kernel.c
Date Sat, 05 Apr 2003 19:04:44 GMT
wrowe       2003/04/05 11:04:43

  Modified:    modules/ssl Tag: APACHE_2_0_BRANCH ssl_engine_io.c
                        ssl_engine_kernel.c
  Log:
    Reapply the fix *intended* by rev 1.79 in a safer manner.  Prior to
    all assignments and the final SSL_free(), free ssl_conn->client_cert
    to avoid leaks of this refcounted X509*.  Prereleasing refcounted
    objects is unsafe programming; fix applied to both branches.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.100.2.4 +7 -1      httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.100.2.3
  retrieving revision 1.100.2.4
  diff -u -r1.100.2.3 -r1.100.2.4
  --- ssl_engine_io.c	27 Feb 2003 11:57:34 -0000	1.100.2.3
  +++ ssl_engine_io.c	5 Apr 2003 19:04:43 -0000	1.100.2.4
  @@ -995,6 +995,10 @@
       }
   
       /* deallocate the SSL connection */
  +    if (sslconn->client_cert) {
  +        X509_free(sslconn->client_cert);
  +        sslconn->client_cert = NULL;
  +    }
       SSL_free(ssl);
       sslconn->ssl = NULL;
       filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
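Review bot: The existing comment `/* deallocate the SSL connection */` does not say why `client_cert` is released separately ahead of `SSL_free(ssl)`, so a later cleanup could drop the block as redundant and bring the leak back. I would extend it to something like `/* sslconn holds its own reference from SSL_get_peer_certificate(); SSL_free() does not release it */`. The same release-and-NULL block appears in the verify-error hunk at -1262 of ssl_engine_kernel.c and would benefit from the same one-line comment. The enclosing function starts and ends outside this hunk, so any other exit that reaches `SSL_free()` is not visible here and is worth checking for the same release.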
  @@ -1161,9 +1165,11 @@
        * Remember the peer certificate's DN
        */
       if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
  +        if (sslconn->client_cert) {
  +            X509_free(sslconn->client_cert);
  +        }
           sslconn->client_cert = cert;
           sslconn->client_dn = NULL;
  -        X509_free(cert);
       }
   
       /*
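Review bot: The release-then-assign sequence added here is repeated in the -718 hunk of ssl_engine_kernel.c, and both copies are only correct if every writer of `sslconn->client_cert` stores an owned reference. A small static helper that frees the old certificate, stores the new one and clears `client_dn` would keep that ownership rule in one place. A future assignment of a borrowed pointer would then be less likely to end in an over-release through these `X509_free()` calls. If a helper is not wanted, a comment on the assignment such as `/* takes over the reference returned by SSL_get_peer_certificate() */` would at least record the contract. The enclosing function extends beyond the hunk.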
  
  
  
  1.82.2.5  +7 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.82.2.4
  retrieving revision 1.82.2.5
  diff -u -r1.82.2.4 -r1.82.2.5
  --- ssl_engine_kernel.c	5 Apr 2003 18:36:55 -0000	1.82.2.4
  +++ ssl_engine_kernel.c	5 Apr 2003 19:04:43 -0000	1.82.2.5
  @@ -718,6 +718,9 @@
            * Remember the peer certificate's DN
            */
           if ((cert = SSL_get_peer_certificate(ssl))) {
  +            if (sslconn->client_cert) {
  +                X509_free(sslconn->client_cert);
  +            }
               sslconn->client_cert = cert;
               sslconn->client_dn = NULL;
           }
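Review bot: When `SSL_get_peer_certificate(ssl)` returns NULL, the previously stored `sslconn->client_cert` and `client_dn` are left in place, because the release added inside the `if` body only runs once a new certificate has been obtained. The new `if (sslconn->client_cert)` guard implies this path can run with a certificate from an earlier handshake already stored, so later authorization checks could read that older identity. Whether the no-certificate case is rejected further down is not visible in this hunk. Consider clearing the stored certificate before the call, or adding `else if (sslconn->client_cert) { X509_free(sslconn->client_cert); sslconn->client_cert = NULL; }` so the stored state always reflects the most recent handshake.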
  @@ -1262,8 +1265,11 @@
                        "Certificate Verification: Error (%d): %s",
                        errnum, X509_verify_cert_error_string(errnum));
   
  +        if (sslconn->client_cert) {
  +            X509_free(sslconn->client_cert);
  +            sslconn->client_cert = NULL;
  +        }
           sslconn->client_dn = NULL;
  -        sslconn->client_cert = NULL;
           sslconn->verify_error = X509_verify_cert_error_string(errnum);
       }
   
  
  
  
