Subject: yet another memleak in OCSP handling (patch included)
Hi,
I've found yet another memory leak in the OCSP handling code. Problem is that find_issuer sometimes returned an X509 object from the stack (not to be freed) but in some cases also an X509 object which had to be freed (as returned by X509_STORE_CTX_get1_issuer). In the latter case a memory leak occurred since the object was never freed.
With the attached patch find_issuer will now always return an X509 object which needs to be freed, and it will always be freed after use.
Regards,
Steffen
Subject: Net-SSLeay.patch
Index: SSLeay.xs
===================================================================
--- SSLeay.xs (revision 519)
+++ SSLeay.xs (working copy)
@@ -1650,7 +1650,7 @@
for(i=0;i<sk_X509_num(chain);i++) {
if ( X509_check_issued(sk_X509_value(chain,i),cert) == X509_V_OK ) {
TRACE(2,"found issuer in chain");
- issuer = sk_X509_value(chain,i);
+ issuer = X509_dup(sk_X509_value(chain,i));
}
}
}
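Review bot: the `X509_dup()` assignment sits inside the `for` loop with no `break` visible in this hunk, so if more than one chain entry passes `X509_check_issued()`, each earlier copy is overwritten and leaked, which reintroduces the kind of leak this patch is meant to close. Add `break;` after the assignment, or call `X509_free(issuer)` before overwriting it. Separately, `X509_dup()` returns NULL on allocation failure, and the callers shown in the later hunks will report that as "cannot find issuer certificate"; a distinct error for the failed copy would make that case diagnosable.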
@@ -6600,7 +6600,9 @@
croak("no OCSP request for self-signed certificate");
if (!(issuer = find_issuer(cert,store,chain)))
croak("cannot find issuer certificate");
- if (!(id = OCSP_cert_to_id(EVP_sha1(),cert,issuer)))
+ id = OCSP_cert_to_id(EVP_sha1(),cert,issuer);
+ X509_free(issuer);
+ if (!id)
croak("out of memory for generating OCSP certid");
pi = NULL;
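Review bot: nothing at this call site records that the certificate returned by `find_issuer()` is now owned by the caller, and the position of `X509_free(issuer)` ahead of `if (!id)` matters because `croak()` does not return. A short comment here, plus one at the definition of `find_issuer` stating that the result must always be released with `X509_free()`, would keep a later cleanup from folding the `OCSP_cert_to_id()` call back into the `if` and leaking the issuer on the error path.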
@@ -6696,6 +6698,7 @@
ERR_clear_error(); /* clear error from last OCSP_basic_verify */
if (last && (issuer = find_issuer(last,store,chain))) {
OCSP_basic_add1_cert(bsr, issuer);
+ X509_free(issuer);
TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
}
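Review bot: the return value of `OCSP_basic_add1_cert(bsr, issuer)` is ignored, so if adding the issuer fails, the second `OCSP_basic_verify()` runs without it and the failure is indistinguishable from an ordinary verification error. Check the result and skip the retry, or report the error, when it is 0. The `X509_free(issuer)` directly after the call is correct, since the add1 function keeps its own reference.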