Fix pr 5073, httpd/mod_ssl can leak file descriptors in the

case where an ssl connection is not found in the scache dbm

Reported by, and fix suggested by
Darrin Chandler <darrin@puffy.asicommunications.com>

testing by me, ok henning@

1 files changed, 6 insertions, 2 deletions

diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c
index 808208cab47..78703958800 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c
@@ -230,14 +230,18 @@ SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *s, UCHAR *id, int idlen)
     ssl_mutex_off(s);
 
     /* immediately return if not found */
-    if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t))
+    if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)) {
+	ssl_dbm_close(dbm);
         return NULL;
+    }
 
     /* parse resulting data */
     nData = dbmval.dsize-sizeof(time_t);
     ucpData = (UCHAR *)malloc(nData);
-    if (ucpData == NULL) 
+    if (ucpData == NULL) {
+	ssl_dbm_close(dbm);
         return NULL;
+    }
     memcpy(ucpData, (char *)dbmval.dptr+sizeof(time_t), nData);
     memcpy(&expiry, dbmval.dptr, sizeof(time_t));