commit 03efb67b42ce88ca6073eadc1b66d6151d646607 Author: Nick Mathewson nickm@torproject.org Date: Tue Sep 4 20:46:46 2018 -0400
Debug one last reference-counting issue that only appeared on openssl master --- src/lib/tls/tortls_openssl.c | 5 ++--- src/test/test_tortls.c | 10 ++++++++-- 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index ab9712962..cfe859adf 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -1380,8 +1380,7 @@ tor_tls_get_own_cert,(tor_tls_t *tls)) * *<b>id_cert_out</b> respectively. Log all messages at level * <b>severity</b>. * - * Note that a reference is added to cert_out, so it needs to be - * freed. id_cert_out doesn't. */ + * Note that a reference is added both of the returned certificates. */ MOCK_IMPL(void, try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out)) @@ -1411,7 +1410,7 @@ try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls, if (X509_cmp(id_cert, cert) != 0) break; } - *id_cert_out = id_cert; + *id_cert_out = id_cert ? X509_dup(id_cert) : NULL; }
/** Return the number of bytes available for reading from <b>tls</b>. diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index 8e8487a40..7ab4b5c2a 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -133,8 +133,10 @@ fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls, { (void) severity; (void) tls; - *cert_out = fixed_try_to_extract_certs_from_tls_cert_out_result; - *id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result; + *cert_out = tor_x509_cert_impl_dup_( + fixed_try_to_extract_certs_from_tls_cert_out_result); + *id_cert_out = tor_x509_cert_impl_dup_( + fixed_try_to_extract_certs_from_tls_id_cert_out_result); }
static void @@ -498,6 +500,10 @@ test_tortls_verify(void *ignored) UNMOCK(try_to_extract_certs_from_tls); tor_x509_cert_impl_free(cert1); tor_x509_cert_impl_free(cert2); + tor_x509_cert_impl_free(validCert); + tor_x509_cert_impl_free(invalidCert); + tor_x509_cert_impl_free(caCert); + tor_free(tls); crypto_pk_free(k); }