From: Eric Covener <covener@apache.org>
Date: Wed, 15 Apr 2015 19:49:31 +0000 (+0000)
Subject: Merge r1666297 from trunk:
X-Git-Tag: 2.4.13~219
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=360c7e5869c333f800305161d0e25877b9d43622;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1666297 from trunk:

ssl_util: Fix possible crash (free => OPENSSL_free) and error path leaks when
checking the server certificate constraints (SSL_X509_getBC()).



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673940 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index ec11a24759b..b1051363865 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,13 @@ Changes with Apache 2.4.13
      calls r:wsupgrade() can cause a child process crash. 
      [Edward Lu <Chaosed0 gmail.com>]
 
+  *) mod_ssl: Fix possible crash when loading server certificate constraints.
+     PR 57694. [Paul Spangler <paul.spangler ni com>, Yann Ylavic]
+
+  *) core, modules: Avoid error response/document handling by the core if some
+     handler or input filter already did it while reading the request (causing
+     a double response body).  [Yann Ylavic]
+
   *) build: Don't load mod_cgi and mod_cgid in the default configuration
      if they're both built.  [olli hauer <ohauer gmx.de>]
 
diff --git a/STATUS b/STATUS
index 24e80119418..ae5d7687f49 100644
--- a/STATUS
+++ b/STATUS
@@ -105,12 +105,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ssl: Fix possible crash when loading server certificate constraints.
-     PR 57694.
-     trunk patch: http://svn.apache.org/r1666297
-     2.4.x patch: trunk works (modulo CHANGES)
-     +1: ylavic, rjung, trawick
-
   *) mod_proxy: Use the correct server name for SNI in case the backend
      SSL connection itself is established via a proxy server.  PR 57139
      trunk patch: http://svn.apache.org/r1634120
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index b6183e8b55a..b32a2eb4fe8 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -173,12 +173,17 @@ BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
     *ca = bc->ca;
     *pathlen = -1 /* unlimited */;
     if (bc->pathlen != NULL) {
-        if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL)
+        if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL) {
+            BASIC_CONSTRAINTS_free(bc);
             return FALSE;
-        if ((cp = BN_bn2dec(bn)) == NULL)
+        }
+        if ((cp = BN_bn2dec(bn)) == NULL) {
+            BN_free(bn);
+            BASIC_CONSTRAINTS_free(bc);
             return FALSE;
+        }
         *pathlen = atoi(cp);
-        free(cp);
+        OPENSSL_free(cp);
         BN_free(bn);
     }
     BASIC_CONSTRAINTS_free(bc);