Fix SslBump reconfiguration leaking public key memory (#861)

author Alex Rousskov <rousskov@measurement-factory.com>

Mon, 12 Jul 2021 20:59:02 +0000 (20:59 +0000)

committer Squid Anubis <squid-anubis@squid-cache.org>

Thu, 15 Jul 2021 02:36:28 +0000 (02:36 +0000)
author Alex Rousskov <rousskov@measurement-factory.com>
Mon, 12 Jul 2021 20:59:02 +0000 (20:59 +0000)
committer Squid Anubis <squid-anubis@squid-cache.org>
Thu, 15 Jul 2021 02:36:28 +0000 (02:36 +0000)
diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc

index fd437abc4b2181f4d9bb8dcde6812d43de180e3b..36262e29ba0d36f4a40b3d88abf7b98858ce6b7d 100644 (file)
--- a/src/ssl/gadgets.cc
+++ b/src/ssl/gadgets.cc
@@ -376,8 +376,10 @@ mimicExtensions(Security::CertPointer & cert, Security::CertPointer const &mimic
          DecipherOnly
      };
  
-    EVP_PKEY *certKey = X509_get_pubkey(mimicCert.get());
-    const bool rsaPkey = (EVP_PKEY_get0_RSA(certKey) != nullptr);
+    // XXX: Add PublicKeyPointer. In OpenSSL, public and private keys are
+    // internally represented by EVP_PKEY pair, but GnuTLS uses distinct types.
+    const Security::PrivateKeyPointer certKey(X509_get_pubkey(mimicCert.get()));
+    const auto rsaPkey = EVP_PKEY_get0_RSA(certKey.get()) != nullptr;
  
      int added = 0;
      int nid;
author	Alex Rousskov <rousskov@measurement-factory.com>
	Mon, 12 Jul 2021 20:59:02 +0000 (20:59 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Thu, 15 Jul 2021 02:36:28 +0000 (02:36 +0000)