Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 125273
Status: new
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: Steffen_Ullrich [...] genua.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 1.85
Fixed in: (no value)



Subject: yet another memleak in OCSP handling (patch included)
Download (untitled) / with headers
text/plain 500b
Hi, I've found yet another memory leak in the OCSP handling code. Problem is, that find_issuer in sometimes returned an X509 object from the stack (not to be freed) but in some cases also an X509 object which had to be freed (as returned by X509_STORE_CTX_get1_issuer). In the last case a memory leak occured since the object was never freed. With the attached patch find_issuer will now always return an X509 object which need to be freed and this will be freed always after use. Regards, Steffen
Subject: Net-SSLeay.patch
Download Net-SSLeay.patch
text/x-diff 1.1k
Index: SSLeay.xs =================================================================== --- SSLeay.xs (revision 519) +++ SSLeay.xs (working copy) @@ -1650,7 +1650,7 @@ for(i=0;i<sk_X509_num(chain);i++) { if ( X509_check_issued(sk_X509_value(chain,i),cert) == X509_V_OK ) { TRACE(2,"found issuer in chain"); - issuer = sk_X509_value(chain,i); + issuer = X509_dup(sk_X509_value(chain,i)); } } } @@ -6600,7 +6600,9 @@ croak("no OCSP request for self-signed certificate"); if (!(issuer = find_issuer(cert,store,chain))) croak("cannot find issuer certificate"); - if (!(id = OCSP_cert_to_id(EVP_sha1(),cert,issuer))) + id = OCSP_cert_to_id(EVP_sha1(),cert,issuer); + X509_free(issuer); + if (!id) croak("out of memory for generating OCSP certid"); pi = NULL; @@ -6696,6 +6698,7 @@ ERR_clear_error(); /* clear error from last OCSP_basic_verify */ if (last && (issuer = find_issuer(last,store,chain))) { OCSP_basic_add1_cert(bsr, issuer); + X509_free(issuer); TRACE(1,"run OCSP_basic_verify with issuer for last chain element"); RETVAL = OCSP_basic_verify(bsr, NULL, store, flags); }


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.