From: Yann Ylavic
Date: Thu, 27 Feb 2020 12:34:03 +0000 (+0000)
Subject: mod_ssl: Fix memory leak of OCSP stapling response.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1614
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4c4586997828c20bdccad6a290603592b9d2c30;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: Fix memory leak of OCSP stapling response.

The OCSP_RESPONSE is either ignored or serialized (i2d_OCSP_RESPONSE) in the TLS response/handshake extension, so it must be freed.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874574 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index d5d0b5eb16c..7a0d1059116 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
+ *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
+
 *) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info". PR64172.
diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c
index 8bb6e7c6c0a..32a838a07a2 100644
--- a/modules/ssl/ssl_util_stapling.c
+++ b/modules/ssl/ssl_util_stapling.c
@@ -870,17 +870,25 @@ static int stapling_cb(SSL *ssl, void *arg)
 }
 }
- if (rsp && ((ok == TRUE) || (mctx->stapling_return_errors == TRUE))) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956)
- "stapling_cb: setting response");
- if (!stapling_set_response(ssl, rsp))
- return SSL_TLSEXT_ERR_ALERT_FATAL;
- return SSL_TLSEXT_ERR_OK;
+ rv = SSL_TLSEXT_ERR_NOACK;
+ if (!rsp) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957)
+ "stapling_cb: no suitable response available");
 }
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957)
- "stapling_cb: no suitable response available");
-
- return SSL_TLSEXT_ERR_NOACK;
+ else {
+ if (ok == TRUE || mctx->stapling_return_errors == TRUE) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956)
+ "stapling_cb: setting response");
+ if (!stapling_set_response(ssl, rsp)) {
+ rv = SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ else {
+ rv = SSL_TLSEXT_ERR_OK;
+ }
+ }
+ OCSP_RESPONSE_free(rsp);
+ }
+ return rv;
 }
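Review bot: When `rsp` is non-NULL but neither `ok == TRUE` nor `mctx->stapling_return_errors == TRUE` holds, the new `else` branch frees the response and returns `SSL_TLSEXT_ERR_NOACK` without logging anything, whereas the removed code fell through to the `APLOGNO(01957)` "no suitable response available" debug message on that path. If dropping that message is not intended, the inner `if` needs an `else` that logs the discarded response at `APLOG_DEBUG`, so an operator can still tell an ignored response from an absent one. A short comment above the free, such as `/* stapling_set_response() only serializes rsp, so it is still ours to free */`, would record why freeing after a successful set is safe. stapling_cb begins above this hunk, so any earlier `return` taken while `rsp` is already set is not visible here and should be checked for the same per-handshake leak.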