]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5f247bd) | patch
Fix reconfiguration leaking tls-cert=... memory (#911)
authorAlex Rousskov <rousskov@measurement-factory.com>
Sat, 23 Oct 2021 01:45:42 +0000 (01:45 +0000)
committerSquid Anubis <squid-anubis@squid-cache.org>
Sat, 23 Oct 2021 03:30:35 +0000 (03:30 +0000)
commitb05c195415169b684b6037f306feead45ee9de4e
treea8fb6e25c7f1d8e14f99bd4c6c5359419c3deb46tree | snapshot
parent5f247bd2ed9ed2a5bd9de2e3f32b87c8bc68e26ecommit | diff
Fix reconfiguration leaking tls-cert=... memory (#911)

Refactored ReadX509Certificate() API for safe use in more contexts,
including in leaking Security::KeyData::loadX509ChainFromFile().

Abstract direct calls to the dangerous PEM_read_bio_X509() API.

Leaking (under certain conditions) since master/v5 commit 540e296.
compat/openssl.h diff | blob | blame | history
src/security/KeyData.cc diff | blob | blame | history
src/security/cert_generators/file/certificate_db.cc diff | blob | blame | history
src/ssl/gadgets.cc diff | blob | blame | history
src/ssl/gadgets.h diff | blob | blame | history
src/ssl/support.cc diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git