BUG/MINOR: ssl: increment issuer refcount if in chain
authorWilliam Lallemand <wlallemand@haproxy.org>
Thu, 23 Jan 2020 10:42:52 +0000 (11:42 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 23 Jan 2020 10:57:39 +0000 (11:57 +0100)
When using the OCSP response, if the issuer of the response is in
the certificate chain, its address will be stored in ckch->ocsp_issuer.
However, since the ocsp_issuer could be filled by a separate file, this
pointer is freed. The refcount of the X509 needs to be incremented to
avoid a double free if we free the ocsp_issuer AND the chain.

src/ssl_sock.c

index 4ff051b9b48027c0ef4f803deb1ffba73e76faeb..db9621b21bf5e8a9f8ddf52d00f172a7d27ec446 100644 (file)
@@ -3468,6 +3468,7 @@ static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_c
                        issuer = sk_X509_value(ckch->chain, i);
                        if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
                                ckch->ocsp_issuer = issuer;
+                               X509_up_ref(ckch->ocsp_issuer);
                                break;
                        } else
                                issuer = NULL;
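Review bot: The return value of `X509_up_ref` on the added line is discarded; it returns 0 when the reference count cannot be incremented, and in that case ckch->ocsp_issuer would still point at an object owned only by the chain, so the double free this commit is meant to prevent remains possible on that path. Something like `if (!X509_up_ref(issuer)) { /* report failure like the other errors in this function */ }` before the `break` keeps the ownership model consistent. The line also deserves a why-comment, e.g. `/* the chain owns this X509 too; take our own reference so ocsp_issuer and the chain can be freed independently */`. Separately, if ckch->ocsp_issuer may already be non-NULL when this loop runs (the description mentions it can be filled from a separate file), the assignment on the previous line would overwrite it without a release; whether that ordering can occur is not visible here. The enclosing function ssl_sock_load_files_into_ckch starts and ends outside the hunk.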