From: Giovanni Bechis <gbechis@apache.org>
Date: Fri, 25 Feb 2022 09:23:43 +0000 (+0000)
Subject: free memory when needed
X-Git-Tag: 2.5.0-alpha2-ci-test-only~471
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f01f20be9efd06e242d727d06e5de1113de353d;p=thirdparty%2Fapache%2Fhttpd.git

free memory when needed
bz #65905


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898410 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 34ec23349fa..750a4a2d3bc 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1846,6 +1846,7 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
         ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02208)
                      "SSL proxy client cert initialization failed");
         ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+        sk_X509_INFO_free(sk);
         return ssl_die(s);
     }
 
@@ -1855,7 +1856,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
         int i;
 
         X509_INFO *inf = sk_X509_INFO_value(pkp->certs, n);
-        X509_STORE_CTX_init(sctx, store, inf->x509, NULL);
+        if (!X509_STORE_CTX_init(sctx, store, inf->x509, NULL)) {
+            sk_X509_INFO_free(sk);
+            X509_STORE_CTX_free(sctx);
+            return ssl_die(s);
+        }
 
         /* Attempt to verify the client cert */
         if (X509_verify_cert(sctx) != 1) {