STIR/SHAKEN: OPENSSL_free serial hex from openssl.

We're getting the serial number of the certificate from openssl and
freeing it with ast_free(), but it needs to be freed with OPENSSL_free()
instead. Now we duplicate the string and free the one from openssl with
OPENSSL_free(), which means we can still use ast_free() on the returned
string.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Ia6e1a4028c1933a0e1d204b769ebb9f5a11f00ab

diff --git a/res/res_stir_shaken/stir_shaken.c b/res/res_stir_shaken/stir_shaken.c
index b580773c31e271eab3673fbec79ef46778795f38..6bc07ea4d94dc6aa627c04a7f75bba3be32740a3 100644 (file)
--- a/res/res_stir_shaken/stir_shaken.c
+++ b/res/res_stir_shaken/stir_shaken.c
@@ -144,6 +144,7 @@ char *stir_shaken_get_serial_number_x509(const char *path)
        ASN1_INTEGER *serial;
        BIGNUM *bignum;
        char *serial_hex;
+       char *ret;
 
        fp = fopen(path, "r");
        if (!fp) {
@@ -188,5 +189,12 @@ char *stir_shaken_get_serial_number_x509(const char *path)
                return NULL;
        }
 
-       return serial_hex;
+       ret = ast_strdup(serial_hex);
+       OPENSSL_free(serial_hex);
+       if (!ret) {
+               ast_log(LOG_ERROR, "Failed to dup serial from openssl for certificate %s\n", path);
+               return NULL;
+       }
+
+       return ret;
 }