From b7a4c34aac42a981d0fb8e733c0efb521d4e003e Mon Sep 17 00:00:00 2001 From: Emmanuel Hocdet Date: Fri, 6 Jan 2017 12:57:46 +0100 Subject: [PATCH] BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage "X509_get_pubkey() attempts to decode the public key for certificate x. If successful it returns the public key as an EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use." --- src/ssl_sock.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index acf1c39ce..32f290b45 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -834,11 +834,14 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path) if (!callback) { struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg)); + EVP_PKEY *pkey; cb_arg->is_single = 1; cb_arg->s_ocsp = iocsp; - cb_arg->single_kt = EVP_PKEY_base_id(X509_get_pubkey(x)); + pkey = X509_get_pubkey(x); + cb_arg->single_kt = EVP_PKEY_base_id(pkey); + EVP_PKEY_free(pkey); SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk); SSL_CTX_set_tlsext_status_arg(ctx, cb_arg); @@ -851,6 +854,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path) struct certificate_ocsp *tmp_ocsp; int index; int key_type; + EVP_PKEY *pkey; #ifdef SSL_CTX_get_tlsext_status_arg SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg); @@ -869,7 +873,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path) cb_arg->is_single = 0; cb_arg->single_kt = 0; - key_type = EVP_PKEY_base_id(X509_get_pubkey(x)); + pkey = X509_get_pubkey(x); + key_type = EVP_PKEY_base_id(pkey); + EVP_PKEY_free(pkey); + index = ssl_sock_get_ocsp_arg_kt_index(key_type); if (index >= 0 && !cb_arg->m_ocsp[index]) cb_arg->m_ocsp[index] = iocsp;