From: Ruediger Pluem <rpluem@apache.org>
Date: Thu, 7 Oct 2021 11:55:51 +0000 (+0000)
Subject: * Fix memory leak in case of failures to load the private key.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~766
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ecfc5b3a8f6e33ca5fb41f3c1c336c957646a19;p=thirdparty%2Fapache%2Fhttpd.git

* Fix memory leak in case of failures to load the private key.

PR: 65620


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893969 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/changes-entries/pr65620.txt b/changes-entries/pr65620.txt
new file mode 100644
index 00000000000..c14f2756889
--- /dev/null
+++ b/changes-entries/pr65620.txt
@@ -0,0 +1,2 @@
+  *) mod_md: Fix memory leak in case of failures to load the private key.
+     PR 65620 [ Filipe Casal <filipe.casal@trailofbits.com> ]
diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
index 55826be8601..1cb5c0473d3 100644
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -643,6 +643,7 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
     const EVP_CIPHER *cipher = NULL;
     pem_password_cb *cb = NULL;
     void *cb_baton = NULL;
+    apr_status_t rv = APR_SUCCESS;
     passwd_ctx ctx;
     unsigned long err;
     int i;
@@ -651,7 +652,8 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
         return APR_ENOMEM;
     }
     if (pass_len > INT_MAX) {
-        return APR_EINVAL;
+        rv = APR_EINVAL;
+        goto cleanup;
     }
     if (pass && pass_len > 0) {
         ctx.pass_phrase = pass;
@@ -660,7 +662,8 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
         cb_baton = &ctx;
         cipher = EVP_aes_256_cbc();
         if (!cipher) {
-            return APR_ENOTIMPL;
+            rv = APR_ENOTIMPL;
+            goto cleanup;
         }
     }
     
@@ -670,11 +673,11 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
 #else 
     if (!PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_baton)) {
 #endif
-        BIO_free(bio);
         err = ERR_get_error();
         md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "PEM_write key: %ld %s", 
                       err, ERR_error_string(err, NULL)); 
-        return APR_EINVAL;
+        rv = APR_EINVAL;
+        goto cleanup;
     }
 
     md_data_null(buf);
@@ -684,8 +687,10 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
         i = BIO_read(bio, (char*)buf->data, i);
         buf->len = (apr_size_t)i;
     }
+
+cleanup:
     BIO_free(bio);
-    return APR_SUCCESS;
+    return rv;
 }
 
 apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p,