From: Yann Ylavic Date: Tue, 2 Jan 2018 10:34:10 +0000 (+0000) Subject: mod_md: fix leaks in md_cert_get_issuers_uri() and md_cert_get_alt_names(). X-Git-Tag: 2.5.0-alpha2-ci-test-only~3021 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59e77192475f4893057ca43c4c5dc0b28e20ea61;p=thirdparty%2Fapache%2Fhttpd.git mod_md: fix leaks in md_cert_get_issuers_uri() and md_cert_get_alt_names(). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1819799 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
index 7277806fecd..e540df50afc 100644
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -783,30 +783,26 @@ int md_cert_covers_md(md_cert_t *cert, const md_t *md)
 apr_status_t md_cert_get_issuers_uri(const char **puri, md_cert_t *cert, apr_pool_t *p)
 {
-    int i, ext_idx, nid = NID_info_access;
-    X509_EXTENSION *ext;
-    X509V3_EXT_METHOD *ext_cls;
-    void *ext_data;
-    const char *uri = NULL;
     apr_status_t rv = APR_ENOENT;
-
-    /* Waddle through x509 API history to get someone that may be able
-     * to hand us the issuer url for the cert chain */
-    ext_idx = X509_get_ext_by_NID(cert->x509, nid, -1);
-    ext = (ext_idx >= 0)? X509_get_ext(cert->x509, ext_idx) : NULL;
-    ext_cls = ext? (X509V3_EXT_METHOD*)X509V3_EXT_get(ext) : NULL;
-    if (ext_cls && (ext_data = X509_get_ext_d2i(cert->x509, nid, 0, 0))) {
-        CONF_VALUE *cval;
-        STACK_OF(CONF_VALUE) *ext_vals = ext_cls->i2v(ext_cls, ext_data, 0);
-
-        for (i = 0; i < sk_CONF_VALUE_num(ext_vals); ++i) {
-            cval = sk_CONF_VALUE_value(ext_vals, i);
-            if (!strcmp("CA Issuers - URI", cval->name)) {
-                uri = apr_pstrdup(p, cval->value);
+    STACK_OF(ACCESS_DESCRIPTION) *xinfos;
+    const char *uri = NULL;
+    unsigned char *buf;
+    int i;
+
+    xinfos = X509_get_ext_d2i(cert->x509, NID_info_access, NULL, NULL);
+    if (xinfos) {
+        for (i = 0; i < sk_ACCESS_DESCRIPTION_num(xinfos); i++) {
+            ACCESS_DESCRIPTION *val = sk_ACCESS_DESCRIPTION_value(xinfos, i);
+            if (OBJ_obj2nid(val->method) == NID_ad_ca_issuers
+                && val->location && val->location->type == GEN_URI) {
+                ASN1_STRING_to_UTF8(&buf, val->location->d.uniformResourceIdentifier);
+                uri = apr_pstrdup(p, (char *)buf);
+                OPENSSL_free(buf);
                 rv = APR_SUCCESS;
                 break;
             }
         }
+        sk_ACCESS_DESCRIPTION_pop_free(xinfos, ACCESS_DESCRIPTION_free);
     }
     *puri = (APR_SUCCESS == rv)? uri : NULL;
     return rv;
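Review bot: The return value of `ASN1_STRING_to_UTF8` on the new side is not checked; on failure it returns a negative value and does not set `buf`, so the following `apr_pstrdup(p, (char *)buf)` reads through, and `OPENSSL_free(buf)` frees, an uninitialized pointer (the new `unsigned char *buf;` declaration has no initializer). Guard the conversion before using the result, e.g. `if (ASN1_STRING_to_UTF8(&buf, val->location->d.uniformResourceIdentifier) < 0) { continue; }`, so a malformed Authority Information Access extension in a certificate received from the CA is reported as "no issuer URI" instead of becoming undefined behaviour. The alt-names loop body of `md_cert_get_alt_names` lies between the second and third hunks and is not shown; if it converts names with the same `ASN1_STRING_to_UTF8` / `apr_pstrdup` / `OPENSSL_free` sequence, the same check applies there. The closing brace of `md_cert_get_issuers_uri` is not visible in the hunk as shown.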
@@ -820,7 +816,7 @@ apr_status_t md_cert_get_alt_names(apr_array_header_t **pnames, md_cert_t *cert,
     unsigned char *buf;
     int i;
-    xalt_names = (GENERAL_NAMES*)X509_get_ext_d2i(cert->x509, NID_subject_alt_name, NULL, NULL);
+    xalt_names = X509_get_ext_d2i(cert->x509, NID_subject_alt_name, NULL, NULL);
     if (xalt_names) {
         GENERAL_NAME *cval;
@@ -839,6 +835,7 @@ apr_status_t md_cert_get_alt_names(apr_array_header_t **pnames, md_cert_t *cert,
                     break;
             }
         }
+        sk_GENERAL_NAME_pop_free(xalt_names, GENERAL_NAME_free);
         rv = APR_SUCCESS;
     }
     *pnames = (APR_SUCCESS == rv)? names : NULL;