openldap/openldap-nss-free-peer-cert.patch

29 lines
1.1 KiB
Diff
Raw Normal View History

memleak in tlsm_auth_cert_handler
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate. This value is allocated and/or cached. We must
destroy it using CERT_DestroyCertificate.
Author: Rich Megginson <rmeggins@redhat.com>
Upstream ITS: #6980
Upstream commit: d944920
Resolves: #717730
diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23.fix/libraries/libldap/tls_m.c
--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-07-18 15:54:03.719226863 +0200
+++ openldap-2.4.23.fix/libraries/libldap/tls_m.c 2011-07-18 16:02:59.284531374 +0200
@@ -1034,10 +1034,12 @@ tlsm_auth_cert_handler(void *arg, PRFile
{
SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
SECStatus ret = SECSuccess;
+ CERTCertificate *peercert = SSL_PeerCertificate( fd );
- ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
SSL_RevealPinArg( fd ),
checksig, certUsage, 0 );
+ CERT_DestroyCertificate( peercert );
return ret;
}