From: Stefan Eissing Date: Wed, 24 Nov 2021 10:56:20 +0000 (+0000) Subject: * mod_md: resurrection of r1893969 after accidental overwrite in r1894610 X-Git-Tag: 2.5.0-alpha2-ci-test-only~688 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b1182bb6dfebf63ebff87fbb9396127a580211db;p=thirdparty%2Fapache%2Fhttpd.git * mod_md: resurrection of r1893969 after accidental overwrite in r1894610 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895287 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c index 7cb2e335aac..a264b867c76 100644 --- a/modules/md/md_crypt.c +++ b/modules/md/md_crypt.c @@ -644,6 +644,7 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t * const EVP_CIPHER *cipher = NULL; pem_password_cb *cb = NULL; void *cb_baton = NULL; + apr_status_t rv = APR_SUCCESS; passwd_ctx ctx; unsigned long err; int i; @@ -652,7 +653,8 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t * return APR_ENOMEM; } if (pass_len > INT_MAX) { - return APR_EINVAL; + rv = APR_EINVAL; + goto cleanup; } if (pass && pass_len > 0) { ctx.pass_phrase = pass; @@ -661,7 +663,8 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t * cb_baton = &ctx; cipher = EVP_aes_256_cbc(); if (!cipher) { - return APR_ENOTIMPL; + rv = APR_ENOTIMPL; + goto cleanup; } } @@ -671,11 +674,11 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t * #else if (!PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_baton)) { #endif - BIO_free(bio); err = ERR_get_error(); md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "PEM_write key: %ld %s", err, ERR_error_string(err, NULL)); - return APR_EINVAL; + rv = APR_EINVAL; + goto cleanup; } md_data_null(buf); @@ -685,8 +688,10 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t * i = BIO_read(bio, (char*)buf->data, i); buf->len = (apr_size_t)i; } + +cleanup: BIO_free(bio); - return APR_SUCCESS; + return rv; } apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p, diff --git a/modules/md/md_version.h b/modules/md/md_version.h index 27a20fd25e9..ae723f621ff 100644 --- a/modules/md/md_version.h +++ b/modules/md/md_version.h @@ -27,7 +27,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "2.4.9" +#define MOD_MD_VERSION "2.4.10" /** * @macro @@ -35,7 +35,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x020409 +#define MOD_MD_VERSION_NUM 0x02040a #define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"