authortobhe <tobhe@cvs.openbsd.org>2020-08-17 16:49:29 +0000
committertobhe <tobhe@cvs.openbsd.org>2020-08-17 16:49:29 +0000
commit5f2eef755cd2acec818c1cd5545fd1b0999bbdb7 (patch)
treeb131bc4ed4612db1f5aa225ece45dfcd2b71ebea /sbin
parented830fdd1da3c345eb2a5665398dc9113c79e878 (diff)
Fix possible leak of ocsp_id.
ok patrick@
Diffstat (limited to 'sbin')
-rw-r--r--sbin/iked/ocsp.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/sbin/iked/ocsp.c b/sbin/iked/ocsp.c
index 363a1dadd12..f4ab20c99f3 100644
--- a/sbin/iked/ocsp.c
+++ b/sbin/iked/ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.c,v 1.10 2020/08/16 09:09:17 tobhe Exp $ */
+/* $OpenBSD: ocsp.c,v 1.11 2020/08/17 16:49:28 tobhe Exp $ */
/*
* Copyright (c) 2014 Markus Friedl
@@ -210,6 +210,7 @@ ocsp_validate_cert(struct iked *env, void *data, size_t len,
{
struct iked_ocsp_entry *ioe;
struct iked_ocsp *ocsp;
+ OCSP_CERTID *id = NULL;
BIO *rawcert = NULL, *bissuer = NULL;
X509 *cert = NULL, *issuer = NULL;
@@ -230,10 +231,13 @@ ocsp_validate_cert(struct iked *env, void *data, size_t len,
(issuer = PEM_read_bio_X509(bissuer, NULL, NULL, NULL)) == NULL ||
(ocsp->ocsp_cbio = BIO_new(BIO_s_socket())) == NULL ||
(ocsp->ocsp_req = OCSP_REQUEST_new()) == NULL ||
- !(ocsp->ocsp_id = OCSP_cert_to_id(NULL, cert, issuer)) ||
- !OCSP_request_add0_id(ocsp->ocsp_req, ocsp->ocsp_id))
+ (id = OCSP_cert_to_id(NULL, cert, issuer)) == NULL ||
+ !OCSP_request_add0_id(ocsp->ocsp_req, id))
goto err;
+ /* id is owned by and freed together with ocsp_req */
+ ocsp->ocsp_id = id;
+
BIO_free(rawcert);
BIO_free(bissuer);
X509_free(cert);
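Review bot: After `ocsp->ocsp_id = id;` the local `id` still holds the pointer that `ocsp_req` now owns, so the new `OCSP_CERTID_free(id)` under `err` (last hunk) is safe only while `OCSP_request_add0_id` stays the final operand of the `||` chain and no `goto err` is added below the assignment. Clearing the local at the hand-off, `ocsp->ocsp_id = id; id = NULL;`, would keep a later error path from freeing the CERTID directly and then, presumably, a second time when the request itself is released in code outside the visible lines. The comment could state the rule for the next editor as well, e.g. `/* id is now owned by ocsp_req; must not be freed separately */`. The `if` condition and the body of ocsp_validate_cert start and end outside this hunk.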
@@ -253,6 +257,8 @@ ocsp_validate_cert(struct iked *env, void *data, size_t len,
BIO_free(rawcert);
if (cert != NULL)
X509_free(cert);
+ if (id != NULL)
+ OCSP_CERTID_free(id);
if (bissuer != NULL)
BIO_free(bissuer);
if (issuer != NULL)