lobo/isync
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix leak of openssl X509 objects

Browse Source 
SSL_get_peer_certificate() increments the refcount of the object.
This commit is contained in:
Oswald Buddenhagen 2019-07-28 11:46:43 +02:00
parent 8959c6b791
commit f63e4338e8
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/socket.c
View File

@ -176,22 +176,29 @@ verify_cert_host( const server_conf_t *conf, conn_t *sock )
trusted = (STACK_OF(X509_OBJECT) *)sock->conf->trusted_certs; trusted = (STACK_OF(X509_OBJECT) *)sock->conf->trusted_certs;
for (i = 0; i < sk_X509_OBJECT_num( trusted ); i++) { for (i = 0; i < sk_X509_OBJECT_num( trusted ); i++) {
if (!X509_cmp( cert, X509_OBJECT_get0_X509( sk_X509_OBJECT_value( trusted, i ) ) )) if (!X509_cmp( cert, X509_OBJECT_get0_X509( sk_X509_OBJECT_value( trusted, i ) ) )) {
X509_free( cert );
return 0; return 0;
}
} }
err = SSL_get_verify_result( sock->ssl ); err = SSL_get_verify_result( sock->ssl );
if (err != X509_V_OK) { if (err != X509_V_OK) {
error( "SSL error connecting %s: %s\n", sock->name, X509_verify_cert_error_string( err ) ); error( "SSL error connecting %s: %s\n", sock->name, X509_verify_cert_error_string( err ) );
X509_free( cert );
return -1; return -1;
} }
if (!conf->host) { if (!conf->host) {
error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name ); error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name );
X509_free( cert );
return -1; return -1;
} }
return verify_hostname( cert, conf->host ); int ret = verify_hostname( cert, conf->host );
X509_free( cert );
return ret;
} }
static int static int