From: Howard Chu
Date: Wed, 15 Sep 2021 12:03:13 +0000 (+0100)
Subject: ITS#9686 plug peercert memleak
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d285c051065baa774269cf5bf246dc2b25177be4;p=thirdparty%2Fopenldap.git

ITS#9686 plug peercert memleak
---
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 283ec4c266..0e9845f60c 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -1056,9 +1056,11 @@ tlso_session_endpoint( tls_session *sess, struct berval *buf, int is_server )
 	md = EVP_sha256();
 	if ( !X509_digest( cert, md, (unsigned char *) (buf->bv_val), &md_len ))
-		return 0;
+		md_len = 0;
 	buf->bv_len = md_len;
+	if ( !is_server )
+		X509_free( cert );
 	return md_len;
 }
@@ -1081,15 +1083,19 @@ static int
 tlso_session_peercert( tls_session *sess, struct berval *der )
 {
 	tlso_session *s = (tlso_session *)sess;
-	unsigned char *ptr;
+	int ret = -1;
 	X509 *x = SSL_get_peer_certificate(s);
-	der->bv_len = i2d_X509(x, NULL);
-	der->bv_val = LDAP_MALLOC(der->bv_len);
-	if ( !der->bv_val )
-		return -1;
-	ptr = (unsigned char *) (der->bv_val);
-	i2d_X509(x, &ptr);
-	return 0;
+	if ( x ) {
+		der->bv_len = i2d_X509(x, NULL);
+		der->bv_val = LDAP_MALLOC(der->bv_len);
+		if ( der->bv_val ) {
+			unsigned char *ptr = (unsigned char *) (der->bv_val);
+			i2d_X509(x, &ptr);
+			ret = 0;
+		}
+		X509_free( x );
+	}
+	return ret;
 }
 
 static int
@@ -1102,13 +1108,17 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
 	X509 *cert = SSL_get_peer_certificate(s);
 	int len, rc = LDAP_SUCCESS;
+	if ( !cert )
+		return -1;
+
 	len = i2d_X509_PUBKEY( X509_get_X509_PUBKEY(cert), NULL );
 	tmp = LDAP_MALLOC( len );
 	key.bv_val = (char *) tmp;
 	if ( !key.bv_val ) {
-		return -1;
+		rc = -1;
+		goto done;
 	}
 	key.bv_len = i2d_X509_PUBKEY( X509_get_X509_PUBKEY(cert), &tmp );
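Review bot: The new `if ( !is_server ) X509_free( cert );` encodes an ownership rule that nothing in the hunk explains: the client-side `cert` must be released, the server-side one must not. The reason is presumably that the two branches obtain `cert` through different OpenSSL accessors earlier in tlso_session_endpoint, which begins outside this hunk, so a reader here sees only an asymmetric free that looks like a leak on one side or a double free on the other. A one-line comment at the free site, e.g. `/* the peer certificate is a new reference and must be released; the local (server) certificate is not */`, would keep a later maintainer from "fixing" it into an unconditional free or removing it.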
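Review bot: `der->bv_len = i2d_X509(x, NULL)` is still used as an allocation size without a check: i2d_X509 returns a negative int on encoding failure, and storing that into bv_len (presumably an unsigned ber_len_t) turns a failure into an oversized LDAP_MALLOC, after which the function returns -1 with der->bv_len holding the bogus length and der->bv_val NULL. Because `x` is the peer's certificate, the DER it yields is derived from untrusted input, so the failure path deserves precision: keep the length in a local int, allocate only when it is positive, and leave `der` zeroed on every failure so callers cannot act on a stale length. The same unchecked pattern appears in the next hunk, where `len = i2d_X509_PUBKEY( X509_get_X509_PUBKEY(cert), NULL )` feeds `LDAP_MALLOC( len )` and should be rejected when `len <= 0` before allocating. A rewrite of the body from the `ret` declaration onward is below.
```c
	int ret = -1;
	X509 *x = SSL_get_peer_certificate(s);
	der->bv_val = NULL;
	der->bv_len = 0;
	if ( x ) {
		int len = i2d_X509(x, NULL);
		/* i2d_* returns < 0 on failure; never feed that to the allocator */
		if ( len > 0 && (der->bv_val = LDAP_MALLOC( len )) != NULL ) {
			unsigned char *ptr = (unsigned char *) (der->bv_val);
			der->bv_len = len;
			i2d_X509(x, &ptr);
			ret = 0;
		}
		X509_free( x );
	}
	return ret;
```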
@@ -1162,6 +1172,7 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
 done:
 	LDAP_FREE( key.bv_val );
+	X509_free( cert );
 	return rc;
 }
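Review bot: With `X509_free( cert )` now placed at `done:`, `cert` is owned for the whole span between the `if ( !cert ) return -1;` check added in the earlier hunk and this label, so any future early `return` in that span would reintroduce exactly the leak this commit fixes; the body between the two hunks is outside SOURCE, so I cannot confirm no such return remains. A short comment above the label, `/* cert and key.bv_val are owned from the NULL check onward: every later exit must go through done */`, records the invariant the fix depends on. The rest of tlso_session_pinning before `done:` is not in this hunk.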