From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 6 Nov 2023 10:53:28 +0000 (+0000)
Subject: md_crypt: Fix potential memory leak with openssl < 3.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb6a9b7bb66f1ecc9abd538cb69a21636d9125f0;p=thirdparty%2Fapache%2Fhttpd.git

md_crypt: Fix potential memory leak with openssl < 3.

EVP_PKEY_get1_RSA()'s returned value should be EVP_PKEY_free()d, but
we can use EVP_PKEY_get0_RSA() here.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913616 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
index e0b1a2f75a2..4b2af89a040 100644
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -992,7 +992,7 @@ static const char *bn64(const BIGNUM *b, apr_pool_t *p)
 const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
 {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+    const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
     if (rsa) {
         const BIGNUM *e;
         RSA_get0_key(rsa, NULL, &e, NULL);
@@ -1012,7 +1012,7 @@ const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
 const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
 {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+    const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
     if (rsa) {
         const BIGNUM *n;
         RSA_get0_key(rsa, &n, NULL, NULL);