commit 87a93917c3f6aed650c7db2d6670b15f894cff56 Author: Nick Mathewson nickm@torproject.org Date: Sun Oct 23 12:44:57 2011 -0400
Fix a reference-leak in tor_tls_received_v3_certificate
We were calling SSL_get_peer_certificate but not X509_free.
This is a major part of bug4252; the bug has been in no released version.
---
 src/common/tortls.c | 30 ++++++++++++++++++++----------
 1 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index e540bfd..a8b6085 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -2229,33 +2229,43 @@ int
 tor_tls_received_v3_certificate(tor_tls_t *tls)
 {
 X509 *cert = SSL_get_peer_certificate(tls->ssl);
- EVP_PKEY *key;
+ EVP_PKEY *key = NULL;
 X509_NAME *issuer_name, *subject_name;
+ int is_v3 = 0;
if (!cert) {
 log_warn(LD_BUG, "Called on a connection with no peer certificate");
- return 0;
+ goto done;
 }
subject_name = X509_get_subject_name(cert);
 issuer_name = X509_get_issuer_name(cert);
- if (X509_name_cmp(subject_name, issuer_name) == 0)
- return 1; /* purportedly self signed */
+ if (X509_name_cmp(subject_name, issuer_name) == 0) {
+ is_v3 = 1; /* purportedly self signed */
+ goto done;
+ }
if (dn_indicates_v3_cert(subject_name) ||
- dn_indicates_v3_cert(issuer_name))
- return 1; /* DN is fancy */
+ dn_indicates_v3_cert(issuer_name)) {
+ is_v3 = 1; /* DN is fancy */
+ goto done;
+ }
key = X509_get_pubkey(cert);
 if (EVP_PKEY_bits(key) != 1024 ||
 EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
- EVP_PKEY_free(key);
- return 1; /* Key is fancy */
+ is_v3 = 1; /* Key is fancy */
+ goto done;
 }
- EVP_PKEY_free(key);
- return 0;
+ done:
+ if (key)
+ EVP_PKEY_free(key);
+ if (cert)
+ X509_free(cert);
+
+ return is_v3;
 }
/** Return the number of server handshakes that we've noticed doing on
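Review bot: The context line `key = X509_get_pubkey(cert);` near the end of the function feeds `key` straight into `EVP_PKEY_bits(key)` and `key->type` with no NULL check, although the certificate is supplied by the remote peer. X509_get_pubkey returns NULL when the certificate's public key cannot be decoded, so a malformed key could reach a null dereference here; whether `EVP_PKEY_bits` itself tolerates NULL depends on the OpenSSL version in use. Since the new cleanup at `done:` already allows for a NULL `key`, the test can take it into account directly: `if (!key || EVP_PKEY_bits(key) != 1024 ||`, which classifies an undecodable key the same way as any other key that is not 1024-bit RSA. The whole function is inside the hunk, so no other path uses `key`.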