Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
James Rouzier
OpenLDAP
Commits
d285c051
Commit
d285c051
authored
Sep 15, 2021
by
Howard Chu
Browse files
ITS#9686 plug peercert memleak
parent
37350bbd
Changes
1
Hide whitespace changes
Inline
Side-by-side
libraries/libldap/tls_o.c
View file @
d285c051
...
...
@@ -1056,9 +1056,11 @@ tlso_session_endpoint( tls_session *sess, struct berval *buf, int is_server )
md
=
EVP_sha256
();
if
(
!
X509_digest
(
cert
,
md
,
(
unsigned
char
*
)
(
buf
->
bv_val
),
&
md_len
))
return
0
;
md_len
=
0
;
buf
->
bv_len
=
md_len
;
if
(
!
is_server
)
X509_free
(
cert
);
return
md_len
;
}
...
...
@@ -1081,15 +1083,19 @@ static int
tlso_session_peercert
(
tls_session
*
sess
,
struct
berval
*
der
)
{
tlso_session
*
s
=
(
tlso_session
*
)
sess
;
unsigned
char
*
ptr
;
int
ret
=
-
1
;
X509
*
x
=
SSL_get_peer_certificate
(
s
);
der
->
bv_len
=
i2d_X509
(
x
,
NULL
);
der
->
bv_val
=
LDAP_MALLOC
(
der
->
bv_len
);
if
(
!
der
->
bv_val
)
return
-
1
;
ptr
=
(
unsigned
char
*
)
(
der
->
bv_val
);
i2d_X509
(
x
,
&
ptr
);
return
0
;
if
(
x
)
{
der
->
bv_len
=
i2d_X509
(
x
,
NULL
);
der
->
bv_val
=
LDAP_MALLOC
(
der
->
bv_len
);
if
(
der
->
bv_val
)
{
unsigned
char
*
ptr
=
(
unsigned
char
*
)
(
der
->
bv_val
);
i2d_X509
(
x
,
&
ptr
);
ret
=
0
;
}
X509_free
(
x
);
}
return
ret
;
}
static
int
...
...
@@ -1102,13 +1108,17 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
X509
*
cert
=
SSL_get_peer_certificate
(
s
);
int
len
,
rc
=
LDAP_SUCCESS
;
if
(
!
cert
)
return
-
1
;
len
=
i2d_X509_PUBKEY
(
X509_get_X509_PUBKEY
(
cert
),
NULL
);
tmp
=
LDAP_MALLOC
(
len
);
key
.
bv_val
=
(
char
*
)
tmp
;
if
(
!
key
.
bv_val
)
{
return
-
1
;
rc
=
-
1
;
goto
done
;
}
key
.
bv_len
=
i2d_X509_PUBKEY
(
X509_get_X509_PUBKEY
(
cert
),
&
tmp
);
...
...
@@ -1162,6 +1172,7 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
done:
LDAP_FREE
(
key
.
bv_val
);
X509_free
(
cert
);
return
rc
;
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment