author | tobhe <tobhe@cvs.openbsd.org> | 2020-08-17 16:49:29 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2020-08-17 16:49:29 +0000 |
commit | 5f2eef755cd2acec818c1cd5545fd1b0999bbdb7 (patch) | |
tree | b131bc4ed4612db1f5aa225ece45dfcd2b71ebea /sbin | |
parent | ed830fdd1da3c345eb2a5665398dc9113c79e878 (diff) |
Fix possible leak of ocsp_id.
ok patrick@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/iked/ocsp.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/sbin/iked/ocsp.c b/sbin/iked/ocsp.c
index 363a1dadd12..f4ab20c99f3 100644
--- a/sbin/iked/ocsp.c
+++ b/sbin/iked/ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.c,v 1.10 2020/08/16 09:09:17 tobhe Exp $ */
+/* $OpenBSD: ocsp.c,v 1.11 2020/08/17 16:49:28 tobhe Exp $ */
 /*
 * Copyright (c) 2014 Markus Friedl
@@ -210,6 +210,7 @@ ocsp_validate_cert(struct iked *env, void *data, size_t len,
 {
 struct iked_ocsp_entry *ioe;
 struct iked_ocsp *ocsp;
+ OCSP_CERTID *id = NULL;
 BIO *rawcert = NULL, *bissuer = NULL;
 X509 *cert = NULL, *issuer = NULL;
@@ -230,10 +231,13 @@ ocsp_validate_cert(struct iked *env, void *data, size_t len,
 (issuer = PEM_read_bio_X509(bissuer, NULL, NULL, NULL)) == NULL ||
 (ocsp->ocsp_cbio = BIO_new(BIO_s_socket())) == NULL ||
 (ocsp->ocsp_req = OCSP_REQUEST_new()) == NULL ||
- !(ocsp->ocsp_id = OCSP_cert_to_id(NULL, cert, issuer)) ||
- !OCSP_request_add0_id(ocsp->ocsp_req, ocsp->ocsp_id))
+ (id = OCSP_cert_to_id(NULL, cert, issuer)) == NULL ||
+ !OCSP_request_add0_id(ocsp->ocsp_req, id))
 goto err;
+ /* id is owned by and freed together with ocsp_req */
+ ocsp->ocsp_id = id;
+
 BIO_free(rawcert);
 BIO_free(bissuer);
 X509_free(cert);
@@ -253,6 +257,8 @@ ocsp_validate_cert(struct iked *env, void *data, size_t len,
 BIO_free(rawcert);
 if (cert != NULL)
 X509_free(cert);
+ if (id != NULL)
+ OCSP_CERTID_free(id);
 if (bissuer != NULL)
 BIO_free(bissuer);
 if (issuer != NULL)
|
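Review bot: The local `id` stays non-NULL after `OCSP_request_add0_id()` has handed ownership to `ocsp_req`, so the new `OCSP_CERTID_free(id)` in the error path (last hunk) is only safe while no `goto err` follows the hand-over in the third hunk. If one is added later, the ID would be freed twice, once directly and once together with the request, assuming the error path also releases `ocsp_req`. Clearing the local at the transfer makes the invariant explicit: after `ocsp->ocsp_id = id;` add `id = NULL;`. The body of ocsp_validate_cert between and after these hunks is not visible, so whether any later path already reaches `err` cannot be confirmed from here.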