[or-cvs] r13052: Fix bug 582: decref the idcert when we add it to the store. (in tor/trunk: . src/common)

nickm at seul.org nickm at seul.org
Mon Jan 7 16:50:31 UTC 2008


Author: nickm
Date: 2008-01-07 11:50:31 -0500 (Mon, 07 Jan 2008)
New Revision: 13052

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/common/tortls.c
Log:
 r17490 at catbus:  nickm | 2008-01-07 11:48:02 -0500
 Fix bug 582: decref the idcert when we add it to the store.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r17490] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-01-07 16:17:17 UTC (rev 13051)
+++ tor/trunk/ChangeLog	2008-01-07 16:50:31 UTC (rev 13052)
@@ -27,6 +27,8 @@
     - Patch from Karsten Loesing to complain less at both the client
       and the relay when a relay used to have the HSDir flag but doesn't
       anymore, and we try to upload a hidden service descriptor.
+    - Stop leaking one cert per TLS context.  Fixes bug 582.  Bugfix
+      on 0.2.0.15-alpha.
 
   o Minor features (controller):
     - Get NS events working again.  (Patch from tup)
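
Review bot: The added entry says "one cert" without saying which one; the tortls.c change in this same commit shows it is the identity cert (idcert) that gets added to the context's cert store. Naming it in the entry, for example "Stop leaking the identity cert for each TLS context", would make the ChangeLog line easier to match to the fix later.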

Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c	2008-01-07 16:17:17 UTC (rev 13051)
+++ tor/trunk/src/common/tortls.c	2008-01-07 16:50:31 UTC (rev 13052)
@@ -550,18 +550,14 @@
     goto error;
   X509_free(cert); /* We just added a reference to cert. */
   cert=NULL;
-#if 0
-  if (idcert && !SSL_CTX_add_extra_chain_cert(result->ctx,idcert))
-    goto error;
-#else
   if (idcert) {
     X509_STORE *s = SSL_CTX_get_cert_store(result->ctx);
     tor_assert(s);
     X509_STORE_add_cert(s, idcert); /*XXXX020 This cert seems not to get
                                      * freed.  Fix that! */
+    X509_free(idcert); /* The context now owns the reference to idcert */
+    idcert = NULL;
   }
-#endif
-  idcert=NULL; /* The context now owns the reference to idcert */
   SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
   tor_assert(rsa);
   if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))
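
Review bot: The return value of X509_STORE_add_cert(s, idcert) is still ignored inside the if (idcert) block, so a failed add is silent, and on that path the new comment "The context now owns the reference to idcert" is not true. The disabled branch this hunk deletes did "goto error" when its add failed; consider checking the result here as well before calling X509_free(idcert). Separately, the XXXX020 comment on the X509_STORE_add_cert line ("This cert seems not to get freed. Fix that!") is left in place even though the added X509_free is the fix for it, so it should be removed in the same change. For consistency with the cert case just above ("We just added a reference to cert."), the new comment could say that the store took its own reference and we are releasing ours.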


