Commit d285c051 authored by Howard Chu's avatar Howard Chu
Browse files

ITS#9686 plug peercert memleak

parent 37350bbd
Pipeline #3518 passed with stage
in 49 minutes and 8 seconds
......@@ -1056,9 +1056,11 @@ tlso_session_endpoint( tls_session *sess, struct berval *buf, int is_server )
md = EVP_sha256();
if ( !X509_digest( cert, md, (unsigned char *) (buf->bv_val), &md_len ))
return 0;
md_len = 0;
buf->bv_len = md_len;
if ( !is_server )
X509_free( cert );
return md_len;
}
......@@ -1081,15 +1083,19 @@ static int
tlso_session_peercert( tls_session *sess, struct berval *der )
{
tlso_session *s = (tlso_session *)sess;
unsigned char *ptr;
int ret = -1;
X509 *x = SSL_get_peer_certificate(s);
if ( x ) {
der->bv_len = i2d_X509(x, NULL);
der->bv_val = LDAP_MALLOC(der->bv_len);
if ( !der->bv_val )
return -1;
ptr = (unsigned char *) (der->bv_val);
if ( der->bv_val ) {
unsigned char *ptr = (unsigned char *) (der->bv_val);
i2d_X509(x, &ptr);
return 0;
ret = 0;
}
X509_free( x );
}
return ret;
}
static int
......@@ -1102,13 +1108,17 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
X509 *cert = SSL_get_peer_certificate(s);
int len, rc = LDAP_SUCCESS;
if ( !cert )
return -1;
len = i2d_X509_PUBKEY( X509_get_X509_PUBKEY(cert), NULL );
tmp = LDAP_MALLOC( len );
key.bv_val = (char *) tmp;
if ( !key.bv_val ) {
return -1;
rc = -1;
goto done;
}
key.bv_len = i2d_X509_PUBKEY( X509_get_X509_PUBKEY(cert), &tmp );
......@@ -1162,6 +1172,7 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
done:
LDAP_FREE( key.bv_val );
X509_free( cert );
return rc;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment