From: Emmanuel Hocdet
Date: Fri, 6 Jan 2017 11:57:46 +0000 (+0100)
Subject: BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
X-Git-Tag: v1.8-dev1~170
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7a4c34aac42a981d0fb8e733c0efb521d4e003e;p=thirdparty%2Fhaproxy.git
BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
"X509_get_pubkey() attempts to decode the public key for certificate x. If successful it returns the public key as an EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use."
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index acf1c39ce3..32f290b452 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -834,11 +834,14 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
  if (!callback) {
  struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
+ EVP_PKEY *pkey;
  cb_arg->is_single = 1;
  cb_arg->s_ocsp = iocsp;
- cb_arg->single_kt = EVP_PKEY_base_id(X509_get_pubkey(x));
+ pkey = X509_get_pubkey(x);
+ cb_arg->single_kt = EVP_PKEY_base_id(pkey);
+ EVP_PKEY_free(pkey);
  SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
  SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
@@ -851,6 +854,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
  struct certificate_ocsp *tmp_ocsp;
  int index;
  int key_type;
+ EVP_PKEY *pkey;
  #ifdef SSL_CTX_get_tlsext_status_arg
  SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
@@ -869,7 +873,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
  cb_arg->is_single = 0;
  cb_arg->single_kt = 0;
- key_type = EVP_PKEY_base_id(X509_get_pubkey(x));
+ pkey = X509_get_pubkey(x);
+ key_type = EVP_PKEY_base_id(pkey);
+ EVP_PKEY_free(pkey);
+
  index = ssl_sock_get_ocsp_arg_kt_index(key_type);
  if (index >= 0 && !cb_arg->m_ocsp[index])
  cb_arg->m_ocsp[index] = iocsp;
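Review bot: `cb_arg->single_kt = EVP_PKEY_base_id(pkey);` in the first hunk is still reached without checking that `X509_get_pubkey(x)` returned non-NULL; as the quoted manual text says the call only returns a key "if successful", and `EVP_PKEY_base_id()` does not tolerate a NULL argument, so the leak is fixed but the latent NULL dereference on an undecodable public key is carried over. Now that the result lives in a local the guard is a single line, `if (!pkey)` followed by the same error path the function uses for its other failures (that path is not visible in these hunks). The third hunk has the identical pattern at `key_type = EVP_PKEY_base_id(pkey);`; the second hunk only adds the declaration. This appears to run while loading the operator's own certificate, so the impact is presumably limited to a crash on a malformed certificate at load time rather than anything reachable from a peer, but the check costs nothing and keeps the configuration loader from dying instead of reporting the bad certificate. ssl_sock_load_ocsp's body begins and ends outside every hunk shown.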