From: William A. Rowe Jr <wrowe@apache.org>
Date: Sat, 5 Apr 2003 19:04:44 +0000 (+0000)
Subject:   Reapply the fix *intended* by rev 1.79 in a safer manner.  Prior to
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2850b5de6fa726a34baee4dcc01ac70142b15398;p=thirdparty%2Fapache%2Fhttpd.git

  Reapply the fix *intended* by rev 1.79 in a safer manner.  Prior to
  all assignments and the final SSL_free(), free ssl_conn->client_cert
  to avoid leaks of this refcounted X509*.  Prereleasing refcounted
  objects is unsafe programming; fix applied to both branches.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99252 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/ssl_engine_io.c b/ssl_engine_io.c
index 1b44d1f3466..2bf7221d5b8 100644
--- a/ssl_engine_io.c
+++ b/ssl_engine_io.c
@@ -995,6 +995,10 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
     }
 
     /* deallocate the SSL connection */
+    if (sslconn->client_cert) {
+        X509_free(sslconn->client_cert);
+        sslconn->client_cert = NULL;
+    }
     SSL_free(ssl);
     sslconn->ssl = NULL;
     filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
@@ -1161,9 +1165,11 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
      * Remember the peer certificate's DN
      */
     if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
+        if (sslconn->client_cert) {
+            X509_free(sslconn->client_cert);
+        }
         sslconn->client_cert = cert;
         sslconn->client_dn = NULL;
-        X509_free(cert);
     }
 
     /*
diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c
index dfcd5e5f595..831c3a2aaa5 100644
--- a/ssl_engine_kernel.c
+++ b/ssl_engine_kernel.c
@@ -728,6 +728,9 @@ int ssl_hook_Access(request_rec *r)
          * Remember the peer certificate's DN
          */
         if ((cert = SSL_get_peer_certificate(ssl))) {
+            if (sslconn->client_cert) {
+                X509_free(sslconn->client_cert);
+            }
             sslconn->client_cert = cert;
             sslconn->client_dn = NULL;
         }
@@ -1276,8 +1279,11 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
                      "Certificate Verification: Error (%d): %s",
                      errnum, X509_verify_cert_error_string(errnum));
 
+        if (sslconn->client_cert) {
+            X509_free(sslconn->client_cert);
+            sslconn->client_cert = NULL;
+        }
         sslconn->client_dn = NULL;
-        sslconn->client_cert = NULL;
         sslconn->verify_error = X509_verify_cert_error_string(errnum);
     }