summaryrefslogtreecommitdiffstats
path: root/modules/ssl/ssl_util_ssl.c
diff options
context:
space:
mode:
authorYann Ylavic <ylavic@apache.org>2015-03-12 21:50:09 +0100
committerYann Ylavic <ylavic@apache.org>2015-03-12 21:50:09 +0100
commit5c4f5c43ccb34f129278764e04c3cc9ab1c95ea3 (patch)
tree94a0cfa7249ee9a649e49666e1b912afc4666a07 /modules/ssl/ssl_util_ssl.c
parentFix doc as spotted by Sven in online doc (diff)
downloadapache2-5c4f5c43ccb34f129278764e04c3cc9ab1c95ea3.tar.xz
apache2-5c4f5c43ccb34f129278764e04c3cc9ab1c95ea3.zip
ssl_util: Fix possible crash (free => OPENSSL_free) and error path leaks when
checking the server certificate constraints (SSL_X509_getBC()). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1666297 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl/ssl_util_ssl.c')
-rw-r--r--modules/ssl/ssl_util_ssl.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 8a41fff7f5..a1fca36202 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -173,12 +173,17 @@ BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
*ca = bc->ca;
*pathlen = -1 /* unlimited */;
if (bc->pathlen != NULL) {
- if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL)
+ if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL) {
+ BASIC_CONSTRAINTS_free(bc);
return FALSE;
- if ((cp = BN_bn2dec(bn)) == NULL)
+ }
+ if ((cp = BN_bn2dec(bn)) == NULL) {
+ BN_free(bn);
+ BASIC_CONSTRAINTS_free(bc);
return FALSE;
+ }
*pathlen = atoi(cp);
- free(cp);
+ OPENSSL_free(cp);
BN_free(bn);
}
BASIC_CONSTRAINTS_free(bc);
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 18:26:18 +0100