BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage

"X509_get_pubkey() attempts to decode the public key for certificate x.
If successful it returns the public key as an EVP_PKEY pointer with its
reference count incremented: this means the returned key must be freed
up after use."
This commit is contained in:
Emmanuel Hocdet 2017-01-06 12:57:46 +01:00 committed by Willy Tarreau
parent 7b760c9c80
commit b7a4c34aac


@ -834,11 +834,14 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
if (!callback) {
struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
EVP_PKEY *pkey;
cb_arg->is_single = 1;
cb_arg->s_ocsp = iocsp;
cb_arg->single_kt = EVP_PKEY_base_id(X509_get_pubkey(x));
pkey = X509_get_pubkey(x);
cb_arg->single_kt = EVP_PKEY_base_id(pkey);
EVP_PKEY_free(pkey);
SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
@ -851,6 +854,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
struct certificate_ocsp *tmp_ocsp;
int index;
int key_type;
EVP_PKEY *pkey;
#ifdef SSL_CTX_get_tlsext_status_arg
SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
@ -869,7 +873,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
cb_arg->is_single = 0;
cb_arg->single_kt = 0;
key_type = EVP_PKEY_base_id(X509_get_pubkey(x));
pkey = X509_get_pubkey(x);
key_type = EVP_PKEY_base_id(pkey);
EVP_PKEY_free(pkey);
index = ssl_sock_get_ocsp_arg_kt_index(key_type);
if (index >= 0 && !cb_arg->m_ocsp[index])
cb_arg->m_ocsp[index] = iocsp;