From: Nick Mathewson Date: Wed, 5 Sep 2018 00:46:46 +0000 (-0400) Subject: Debug one last reference-counting issue that only appeared on openssl master X-Git-Tag: tor-0.3.5.1-alpha~90 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=03efb67b42ce88ca6073eadc1b66d6151d646607;p=thirdparty%2Ftor.git Debug one last reference-counting issue that only appeared on openssl master --- diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index ab9712962b..cfe859adf3 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -1380,8 +1380,7 @@ tor_tls_get_own_cert,(tor_tls_t *tls)) * *id_cert_out respectively. Log all messages at level * severity. * - * Note that a reference is added to cert_out, so it needs to be - * freed. id_cert_out doesn't. */ + * Note that a reference is added both of the returned certificates. */ MOCK_IMPL(void, try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out)) @@ -1411,7 +1410,7 @@ try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls, if (X509_cmp(id_cert, cert) != 0) break; } - *id_cert_out = id_cert; + *id_cert_out = id_cert ? X509_dup(id_cert) : NULL; } /** Return the number of bytes available for reading from tls. diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index 8e8487a408..7ab4b5c2aa 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -133,8 +133,10 @@ fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls, { (void) severity; (void) tls; - *cert_out = fixed_try_to_extract_certs_from_tls_cert_out_result; - *id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result; + *cert_out = tor_x509_cert_impl_dup_( + fixed_try_to_extract_certs_from_tls_cert_out_result); + *id_cert_out = tor_x509_cert_impl_dup_( + fixed_try_to_extract_certs_from_tls_id_cert_out_result); } static void @@ -498,6 +500,10 @@ test_tortls_verify(void *ignored) UNMOCK(try_to_extract_certs_from_tls); tor_x509_cert_impl_free(cert1); tor_x509_cert_impl_free(cert2); + tor_x509_cert_impl_free(validCert); + tor_x509_cert_impl_free(invalidCert); + tor_x509_cert_impl_free(caCert); + tor_free(tls); crypto_pk_free(k); }