]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 665f2f8) | patch
Do not leak Security::CertErrors created in X509_verify_cert() (#1346)
authorAlex Rousskov <rousskov@measurement-factory.com>
Wed, 10 May 2023 20:45:27 +0000 (20:45 +0000)
committerSquid Anubis <squid-anubis@squid-cache.org>
Fri, 12 May 2023 20:53:31 +0000 (20:53 +0000)
commit27a1c6de519dc8a5af0cb0ad080ee4b962a03d3f
treec7befba205f23f6544710da129e68f5eb0139f18tree | snapshot
parent665f2f8534f98ea979ed1190e79612f3cb5dc15acommit | diff
Do not leak Security::CertErrors created in X509_verify_cert() (#1346)

ACLFilledChecklist was using a raw C pointer for handling cbdata-managed
Security::CertErrors. Some sslErrors users knew about hidden cbdata
requirements, some did not, resulting in inconsistent locking/unlocking
and associated memory leaks. Upgrading ACLFilledChecklist::sslErrors to
smart CbcPointer fixes those leaks (and simplifies code).
src/acl/FilledChecklist.cc diff | blob | blame | history
src/acl/FilledChecklist.h diff | blob | blame | history
src/acl/SslError.cc diff | blob | blame | history
src/client_side.cc diff | blob | blame | history
src/security/PeerConnector.cc diff | blob | blame | history
src/ssl/ServerBump.cc diff | blob | blame | history
src/ssl/ServerBump.h diff | blob | blame | history
src/ssl/support.cc diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git