From wr...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c ssl_engine_kernel.c
Date Sat, 05 Apr 2003 19:04:44 GMT
wrowe       2003/04/05 11:04:44

  Modified:    modules/ssl ssl_engine_io.c ssl_engine_kernel.c
  Log:
    Reapply the fix *intended* by rev 1.79 in a safer manner.  Prior to
    all assignments and the final SSL_free(), free ssl_conn->client_cert
    to avoid leaks of this refcounted X509*.  Prereleasing refcounted
    objects is unsafe programming; fix applied to both branches.
  
  Revision  Changes    Path
  1.105     +7 -1      httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.104
  retrieving revision 1.105
  diff -u -r1.104 -r1.105
  --- ssl_engine_io.c	21 Feb 2003 20:12:24 -0000	1.104
  +++ ssl_engine_io.c	5 Apr 2003 19:04:44 -0000	1.105
  @@ -995,6 +995,10 @@
       }
   
       /* deallocate the SSL connection */
  +    if (sslconn->client_cert) {
  +        X509_free(sslconn->client_cert);
  +        sslconn->client_cert = NULL;
  +    }
       SSL_free(ssl);
       sslconn->ssl = NULL;
       filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
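Review bot: The guarded release of `sslconn->client_cert` added before `SSL_free(ssl)` is written out a second time in the verify-error hunk at ssl_engine_kernel.c @@ -1276, so the two copies can drift apart. X509_free() does nothing when passed NULL, so the `if` is unnecessary and both sites reduce to `X509_free(sslconn->client_cert); sslconn->client_cert = NULL;`, ideally behind one small shared helper. A comment here such as `/* sslconn owns the reference returned by SSL_get_peer_certificate(); drop it before the SSL goes away */` would record the ownership rule, which nothing visible states. The enclosing function begins and ends outside this hunk.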
  @@ -1161,9 +1165,11 @@
        * Remember the peer certificate's DN
        */
       if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
  +        if (sslconn->client_cert) {
  +            X509_free(sslconn->client_cert);
  +        }
           sslconn->client_cert = cert;
           sslconn->client_dn = NULL;
  -        X509_free(cert);
       }
   
       /*
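Review bot: When `SSL_get_peer_certificate()` returns NULL on a later pass through this block, the `if` body is skipped and a certificate stored by an earlier handshake stays in `sslconn->client_cert`; the new pre-free guard suggests the field can already be populated here. If later access decisions read `client_cert` (not visible in this hunk), they would see an identity the current handshake did not present. Consider clearing it on the no-certificate path, e.g. `else { X509_free(sslconn->client_cert); sslconn->client_cert = NULL; }`, or say in a comment why the old value is kept. The same pattern appears in ssl_engine_kernel.c @@ -728, and the surrounding function extends beyond this hunk.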
  
  
  
  1.91      +7 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.90
  retrieving revision 1.91
  diff -u -r1.90 -r1.91
  --- ssl_engine_kernel.c	5 Apr 2003 18:36:56 -0000	1.90
  +++ ssl_engine_kernel.c	5 Apr 2003 19:04:44 -0000	1.91
  @@ -728,6 +728,9 @@
            * Remember the peer certificate's DN
            */
           if ((cert = SSL_get_peer_certificate(ssl))) {
  +            if (sslconn->client_cert) {
  +                X509_free(sslconn->client_cert);
  +            }
               sslconn->client_cert = cert;
               sslconn->client_dn = NULL;
           }
  @@ -1276,8 +1279,11 @@
                        "Certificate Verification: Error (%d): %s",
                        errnum, X509_verify_cert_error_string(errnum));
   
  +        if (sslconn->client_cert) {
  +            X509_free(sslconn->client_cert);
  +            sslconn->client_cert = NULL;
  +        }
           sslconn->client_dn = NULL;
  -        sslconn->client_cert = NULL;
           sslconn->verify_error = X509_verify_cert_error_string(errnum);
       }
   
  
  
  
