
svn commit: r1819799 - /httpd/httpd/trunk/modules/md/md_crypt.c

Author: ylavic
Date: Tue Jan  2 10:34:10 2018
New Revision: 1819799

URL: http://svn.apache.org/viewvc?rev=1819799&view=rev
Log:
mod_md: fix leaks in md_cert_get_issuers_uri() and md_cert_get_alt_names().


Modified:
    httpd/httpd/trunk/modules/md/md_crypt.c

Modified: httpd/httpd/trunk/modules/md/md_crypt.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_crypt.c?rev=1819799&r1=1819798&r2=1819799&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_crypt.c (original)
+++ httpd/httpd/trunk/modules/md/md_crypt.c Tue Jan  2 10:34:10 2018
@@ -783,30 +783,26 @@ int md_cert_covers_md(md_cert_t *cert, c
 
 apr_status_t md_cert_get_issuers_uri(const char **puri, md_cert_t *cert, apr_pool_t *p)
 {
-    int i, ext_idx, nid = NID_info_access;
-    X509_EXTENSION *ext;
-    X509V3_EXT_METHOD *ext_cls;
-    void *ext_data;
-    const char *uri = NULL;
     apr_status_t rv = APR_ENOENT;
-    
-    /* Waddle through x509  API history to get someone that may be able
-     * to hand us the issuer url for the cert chain */
-    ext_idx = X509_get_ext_by_NID(cert->x509, nid, -1);
-    ext = (ext_idx >= 0)? X509_get_ext(cert->x509, ext_idx) : NULL;
-    ext_cls = ext? (X509V3_EXT_METHOD*)X509V3_EXT_get(ext) : NULL;
-    if (ext_cls && (ext_data = X509_get_ext_d2i(cert->x509, nid, 0, 0))) {
-        CONF_VALUE *cval;
-        STACK_OF(CONF_VALUE) *ext_vals = ext_cls->i2v(ext_cls, ext_data, 0);
-        
-        for (i = 0; i < sk_CONF_VALUE_num(ext_vals); ++i) {
-            cval = sk_CONF_VALUE_value(ext_vals, i);
-            if (!strcmp("CA Issuers - URI", cval->name)) {
-                uri = apr_pstrdup(p, cval->value);
+    STACK_OF(ACCESS_DESCRIPTION) *xinfos;
+    const char *uri = NULL;
+    unsigned char *buf;
+    int i;
+
+    xinfos = X509_get_ext_d2i(cert->x509, NID_info_access, NULL, NULL);
+    if (xinfos) {
+        for (i = 0; i < sk_ACCESS_DESCRIPTION_num(xinfos); i++) {
+            ACCESS_DESCRIPTION *val = sk_ACCESS_DESCRIPTION_value(xinfos, i);
+            if (OBJ_obj2nid(val->method) == NID_ad_ca_issuers
+                    && val->location && val->location->type == GEN_URI) {
+                ASN1_STRING_to_UTF8(&buf, val->location->d.uniformResourceIdentifier);
+                uri = apr_pstrdup(p, (char *)buf);
+                OPENSSL_free(buf);
                 rv = APR_SUCCESS;
                 break;
             }
         }
+        sk_ACCESS_DESCRIPTION_pop_free(xinfos, ACCESS_DESCRIPTION_free);
     } 
     *puri = (APR_SUCCESS == rv)? uri : NULL;
     return rv;
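Review bot: The return value of `ASN1_STRING_to_UTF8(&buf, ...)` is not checked, so on a conversion failure (negative return, e.g. allocation failure or a malformed string) `buf` is left indeterminate and the following `apr_pstrdup(p, (char *)buf)` reads through an uninitialized pointer; `buf` is also declared without an initializer. Guard the conversion before using the result, e.g. `if (ASN1_STRING_to_UTF8(&buf, val->location->d.uniformResourceIdentifier) < 0) { continue; }`, and declare `unsigned char *buf = NULL;` so a skipped branch can never dereference garbage. The new `sk_ACCESS_DESCRIPTION_pop_free()` placement is correct for every path through the loop since the only exit is the `break`; a `continue` added for the error case keeps that property.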
@@ -820,7 +816,7 @@ apr_status_t md_cert_get_alt_names(apr_a
     unsigned char *buf;
     int i;
     
-    xalt_names = (GENERAL_NAMES*)X509_get_ext_d2i(cert->x509, NID_subject_alt_name, NULL, NULL);
+    xalt_names = X509_get_ext_d2i(cert->x509, NID_subject_alt_name, NULL, NULL);
     if (xalt_names) {
         GENERAL_NAME *cval;
         
@@ -839,6 +835,7 @@ apr_status_t md_cert_get_alt_names(apr_a
                     break;
             }
         }
+        sk_GENERAL_NAME_pop_free(xalt_names, GENERAL_NAME_free);
         rv = APR_SUCCESS;
     }
     *pnames = (APR_SUCCESS == rv)? names : NULL;