author | Nick Mathewson <nickm@torproject.org> | 2011-10-23 12:44:57 -0400 |
committer | Nick Mathewson <nickm@torproject.org> | 2011-10-23 13:23:53 -0400 |
commit | 87a93917c3f6aed650c7db2d6670b15f894cff56 (patch) | |
tree | 09c1d6ed47dcb9871498a6ded12d3708934e2d47 /src/common | |
parent | 80cf342e476f21b607f2088a6565bee93b1e08b0 (diff) | |
Fix a reference-leak in tor_tls_received_v3_certificate
We were calling SSL_get_peer_certificate but not X509_free.
This is a major part of bug4252; the bug has been in no released version.
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/tortls.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index e540bfdc1..a8b60850b 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -2229,33 +2229,43 @@ int tor_tls_received_v3_certificate(tor_tls_t *tls)
 {
 X509 *cert = SSL_get_peer_certificate(tls->ssl);
- EVP_PKEY *key;
+ EVP_PKEY *key = NULL;
 X509_NAME *issuer_name, *subject_name;
+ int is_v3 = 0;
 if (!cert) {
 log_warn(LD_BUG, "Called on a connection with no peer certificate");
- return 0;
+ goto done;
 }
 subject_name = X509_get_subject_name(cert);
 issuer_name = X509_get_issuer_name(cert);
- if (X509_name_cmp(subject_name, issuer_name) == 0)
- return 1; /* purportedly self signed */
+ if (X509_name_cmp(subject_name, issuer_name) == 0) {
+ is_v3 = 1; /* purportedly self signed */
+ goto done;
+ }
 if (dn_indicates_v3_cert(subject_name) ||
- dn_indicates_v3_cert(issuer_name))
- return 1; /* DN is fancy */
+ dn_indicates_v3_cert(issuer_name)) {
+ is_v3 = 1; /* DN is fancy */
+ goto done;
+ }
 key = X509_get_pubkey(cert);
 if (EVP_PKEY_bits(key) != 1024 || EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
- EVP_PKEY_free(key);
- return 1; /* Key is fancy */
+ is_v3 = 1; /* Key is fancy */
+ goto done;
 }
- EVP_PKEY_free(key);
- return 0;
+ done:
+ if (key)
+ EVP_PKEY_free(key);
+ if (cert)
+ X509_free(cert);
+
+ return is_v3;
 }
 /** Return the number of server handshakes that we've noticed doing on |
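Review bot: The result of `key = X509_get_pubkey(cert);` is still used unchecked on the next line, and X509_get_pubkey() returns NULL when it cannot decode the certificate's public key, so `EVP_PKEY_bits(key)` and `key->type` would dereference NULL on a peer-supplied certificate; the new goto/done structure makes the guard cheap, e.g. `if (!key) { is_v3 = 1; goto done; }` placed right after the call, though whether an undecodable key should count as "fancy" (v3) or as v2 is a policy choice to confirm. A comment on the done: label explaining that it releases the SSL_get_peer_certificate reference would also help, since that reference, unlike the X509_NAME pointers, is owned by the caller. The `if (key)` and `if (cert)` tests before the free calls are harmless but redundant, as both EVP_PKEY_free() and X509_free() accept NULL. The function's signature sits in the hunk header rather than in the hunk body.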