[tor-commits] [tor/master] Fix a reference-leak in tor_tls_received_v3_certificate
nickm at torproject.org
nickm at torproject.org
Sun Oct 23 17:21:44 UTC 2011
commit 87a93917c3f6aed650c7db2d6670b15f894cff56
Author: Nick Mathewson <nickm at torproject.org>
Date: Sun Oct 23 12:44:57 2011 -0400
Fix a reference-leak in tor_tls_received_v3_certificate
We were calling SSL_get_peer_certificate but not X509_free.
This is a major part of bug4252; the bug has been in no released version.
---
src/common/tortls.c | 30 ++++++++++++++++++++----------
1 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index e540bfd..a8b6085 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -2229,33 +2229,43 @@ int
tor_tls_received_v3_certificate(tor_tls_t *tls)
{
X509 *cert = SSL_get_peer_certificate(tls->ssl);
- EVP_PKEY *key;
+ EVP_PKEY *key = NULL;
X509_NAME *issuer_name, *subject_name;
+ int is_v3 = 0;
if (!cert) {
log_warn(LD_BUG, "Called on a connection with no peer certificate");
- return 0;
+ goto done;
}
subject_name = X509_get_subject_name(cert);
issuer_name = X509_get_issuer_name(cert);
- if (X509_name_cmp(subject_name, issuer_name) == 0)
- return 1; /* purportedly self signed */
+ if (X509_name_cmp(subject_name, issuer_name) == 0) {
+ is_v3 = 1; /* purportedly self signed */
+ goto done;
+ }
if (dn_indicates_v3_cert(subject_name) ||
- dn_indicates_v3_cert(issuer_name))
- return 1; /* DN is fancy */
+ dn_indicates_v3_cert(issuer_name)) {
+ is_v3 = 1; /* DN is fancy */
+ goto done;
+ }
key = X509_get_pubkey(cert);
if (EVP_PKEY_bits(key) != 1024 ||
EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
- EVP_PKEY_free(key);
- return 1; /* Key is fancy */
+ is_v3 = 1; /* Key is fancy */
+ goto done;
}
- EVP_PKEY_free(key);
- return 0;
+ done:
+ if (key)
+ EVP_PKEY_free(key);
+ if (cert)
+ X509_free(cert);
+
+ return is_v3;
}
/** Return the number of server handshakes that we've noticed doing on
More information about the tor-commits
mailing list