Skip to content

Commit 9bc93cb

Browse files
wrowewrowe
committed
 Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to all assignments and the final SSL_free(), free ssl_conn->client_cert to avoid leaks of this refcounted X509*. Prereleasing refcounted objects is unsafe programming; fix applied to both branches. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@99251 13f79535-47bb-0310-9956-ffa450edef68
1 parent af74de2 commit 9bc93cb

2 files changed

Lines changed: 14 additions & 2 deletions

File tree

modules/ssl/ssl_engine_io.c

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -995,6 +995,10 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
995995
}
996996

997997
/* deallocate the SSL connection */
998+
if (sslconn->client_cert) {
999+
X509_free(sslconn->client_cert);
1000+
sslconn->client_cert = NULL;
1001+
}
9981002
SSL_free(ssl);
9991003
sslconn->ssl = NULL;
10001004
filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
@@ -1161,9 +1165,11 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
11611165
* Remember the peer certificate's DN
11621166
*/
11631167
if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
1168+
if (sslconn->client_cert) {
1169+
X509_free(sslconn->client_cert);
1170+
}
11641171
sslconn->client_cert = cert;
11651172
sslconn->client_dn = NULL;
1166-
X509_free(cert);
11671173
}
11681174

11691175
/*

modules/ssl/ssl_engine_kernel.c

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -718,6 +718,9 @@ int ssl_hook_Access(request_rec *r)
718718
* Remember the peer certificate's DN
719719
*/
720720
if ((cert = SSL_get_peer_certificate(ssl))) {
721+
if (sslconn->client_cert) {
722+
X509_free(sslconn->client_cert);
723+
}
721724
sslconn->client_cert = cert;
722725
sslconn->client_dn = NULL;
723726
}
@@ -1262,8 +1265,11 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
12621265
"Certificate Verification: Error (%d): %s",
12631266
errnum, X509_verify_cert_error_string(errnum));
12641267

1268+
if (sslconn->client_cert) {
1269+
X509_free(sslconn->client_cert);
1270+
sslconn->client_cert = NULL;
1271+
}
12651272
sslconn->client_dn = NULL;
1266-
sslconn->client_cert = NULL;
12671273
sslconn->verify_error = X509_verify_cert_error_string(errnum);
12681274
}
12691275

0 commit comments

Comments
 (0)