From: Stefan Eissing Date: Thu, 20 Nov 2025 12:52:24 +0000 (+0000) Subject: *) mod_md: update to version 2.6.6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99b02bf7f0fcf34505fddf83cb7a7b709defb98b;p=thirdparty%2Fapache%2Fhttpd.git *) mod_md: update to version 2.6.6 - Fix a small memory leak when using OpenSSL's BIGNUMs. [Theo Buehler] - Fix reuse of curl easy handles by resetting them. [Michael Kaufmann] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1929883 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/changes-entries/md_v2.6.6.txt b/changes-entries/md_v2.6.6.txt new file mode 100644 index 0000000000..700e0fbaeb --- /dev/null +++ b/changes-entries/md_v2.6.6.txt @@ -0,0 +1,3 @@ + *) mod_md: update to version 2.6.6 + - Fix a small memory leak when using OpenSSL's BIGNUMs. [Theo Buehler] + - Fix reuse of curl easy handles by resetting them. [Michael Kaufmann] diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c index b06d950490..eef1268353 100644 --- a/modules/md/md_crypt.c +++ b/modules/md/md_crypt.c @@ -1244,7 +1244,7 @@ const char *md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p) serial = BN_bn2hex(bn); s = apr_pstrdup(p, serial); OPENSSL_free((void*)serial); - OPENSSL_free((void*)bn); + BN_free(bn); } return s; } @@ -2254,7 +2254,7 @@ apr_status_t md_cert_get_ari_cert_id(const char **pari_cert_id, memset(&ser_buf, 0, sizeof(ser_buf)); bn = ASN1_INTEGER_to_BN(serial, NULL); sder_len = BN_bn2bin(bn, sbuf); - OPENSSL_free((void*)bn); + BN_free(bn); if (sder_len < 1) return APR_EINVAL; ser_buf.len = (apr_size_t)sder_len; diff --git a/modules/md/md_curl.c b/modules/md/md_curl.c index e6a37176e9..fac2ab8ec9 100644 --- a/modules/md/md_curl.c +++ b/modules/md/md_curl.c @@ -255,17 +255,19 @@ static apr_status_t internals_setup(md_http_request_t *req) rv = APR_EGENERAL; goto leave; } - curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_cb); - curl_easy_setopt(curl, CURLOPT_HEADERDATA, NULL); - curl_easy_setopt(curl, CURLOPT_READFUNCTION, req_data_cb); - curl_easy_setopt(curl, CURLOPT_READDATA, NULL); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, resp_data_cb); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, NULL); } else { md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, req->pool, "reusing curl instance from http"); + curl_easy_reset(curl); } + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_cb); + curl_easy_setopt(curl, CURLOPT_HEADERDATA, NULL); + curl_easy_setopt(curl, CURLOPT_READFUNCTION, req_data_cb); + curl_easy_setopt(curl, CURLOPT_READDATA, NULL); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, resp_data_cb); + curl_easy_setopt(curl, CURLOPT_WRITEDATA, NULL); + internals = apr_pcalloc(req->pool, sizeof(*internals)); internals->curl = curl; diff --git a/modules/md/md_ocsp.c b/modules/md/md_ocsp.c index 869fbb64b7..d2dfd73b68 100644 --- a/modules/md/md_ocsp.c +++ b/modules/md/md_ocsp.c @@ -532,7 +532,7 @@ static const char *certid_summary(const OCSP_CERTID *certid, apr_pool_t *p) bn = ASN1_INTEGER_to_BN(aserial, NULL); s = BN_bn2hex(bn); serial = apr_pstrdup(p, s); - OPENSSL_free((void*)bn); + BN_free(bn); OPENSSL_free((void*)s); } return apr_psprintf(p, "certid[der=%s, issuer=%s, key=%s, serial=%s]", diff --git a/modules/md/md_version.h b/modules/md/md_version.h index 858d44d9a3..f977263dab 100644 --- a/modules/md/md_version.h +++ b/modules/md/md_version.h @@ -27,7 +27,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "2.6.5-git" +#define MOD_MD_VERSION "2.6.6" /** * @macro @@ -35,7 +35,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x020605 +#define MOD_MD_VERSION_NUM 0x020606 #define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"