httpd-cvs mailing list archives

From yla...@apache.org
Subject svn commit: r1666297 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_util_ssl.c
Date Thu, 12 Mar 2015 20:50:09 GMT
Author: ylavic
Date: Thu Mar 12 20:50:09 2015
New Revision: 1666297

URL: http://svn.apache.org/r1666297
Log:
ssl_util: Fix possible crash (free => OPENSSL_free) and error path leaks when
checking the server certificate constraints (SSL_X509_getBC()).

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1666297&r1=1666296&r2=1666297&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Mar 12 20:50:09 2015
@@ -6,6 +6,9 @@ Changes with Apache 2.5.0
      to a local URL-path with the INCLUDES filter active, introduced
      in 2.4.11. PR 57531. [Yann Ylavic]
 
+  *) mod_ssl: Fix possible crash when loading server certificate constraints.
+     PR 57694. [Paul Spangler <paul.spangler ni com>, Yann Ylavic]
+
   *) core, modules: Avoid error response/document handling by the core if some
      handler or input filter already did it while reading the request (causing
      a double response body).  [Yann Ylavic]
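
Review bot: The added CHANGES entry mentions only the crash, while the commit log for the same revision also covers error path leaks in SSL_X509_getBC(). Consider wording such as "Fix possible crash and error path leaks when loading server certificate constraints" so the changelog matches what the code change does.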

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=1666297&r1=1666296&r2=1666297&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Thu Mar 12 20:50:09 2015
@@ -173,12 +173,17 @@ BOOL SSL_X509_getBC(X509 *cert, int *ca,
     *ca = bc->ca;
     *pathlen = -1 /* unlimited */;
     if (bc->pathlen != NULL) {
-        if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL)
+        if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL) {
+            BASIC_CONSTRAINTS_free(bc);
             return FALSE;
-        if ((cp = BN_bn2dec(bn)) == NULL)
+        }
+        if ((cp = BN_bn2dec(bn)) == NULL) {
+            BN_free(bn);
+            BASIC_CONSTRAINTS_free(bc);
             return FALSE;
+        }
         *pathlen = atoi(cp);
-        free(cp);
+        OPENSSL_free(cp);
         BN_free(bn);
     }
     BASIC_CONSTRAINTS_free(bc);
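
Review bot: At `*pathlen = atoi(cp);` the conversion is still unchecked: atoi() reports no error, and its behaviour is undefined when the decimal string does not fit in an int, yet the string is produced from a BIGNUM built from the certificate's bc->pathlen. Consider strtol() with an errno and range check (returning FALSE after freeing cp, bn and bc when the value is out of range), or reading bc->pathlen with ASN1_INTEGER_get() to avoid the BIGNUM and string round trip. Two smaller points: both new error branches return FALSE after `*ca` and `*pathlen` have already been written, so a caller sees partially updated outputs on failure; and BASIC_CONSTRAINTS_free(bc) now appears on three exits, so a single cleanup label would make it harder for a future error path to reintroduce the leak.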


