Changeset 82745d1 in mod_gnutls


Timestamp:
Jun 14, 2016, 3:38:18 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
894efd0
Parents:
16ad0eb
Message:

Fix memory usage issues

  • Use-after-free of the OCSP request in mgs_cache_ocsp_response()
  • Missing error return in mgs_cache_ocsp_response() if request creation fails
  • Initialize fplen in mgs_get_cert_fingerprint() before requesting the fingerprint length. Valgrind indicates that the control flow of gnutls_x509_crt_get_fingerprint() depends on it.
File:
1 edited

  • src/gnutls_ocsp.c

    r16ad0eb r82745d1  
    339339{
    340340    gnutls_datum_t fingerprint = {NULL, 0};
    341     size_t fplen;
     341    size_t fplen = 0;
    342342    gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, NULL, &fplen);
    343343    unsigned char * fp = apr_palloc(p, fplen);
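Review bot: The length query at line 342 still discards the return value of gnutls_x509_crt_get_fingerprint(), so if the call fails for any reason other than the expected short-buffer result, fplen stays 0 and line 343 calls apr_palloc(p, 0) with nothing reporting the failure. Initializing fplen removes the uninitialized read, but consider capturing the return code, checking that it is GNUTLS_E_SHORT_MEMORY_BUFFER with fplen > 0, and returning the empty fingerprint otherwise. A short comment that the first call only probes the required length would also help.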
     
    537537    if (ret == GNUTLS_E_SUCCESS)
    538538    {
    539         ap_log_error(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, s,
     539        ap_log_error(APLOG_MARK, APLOG_TRACE2, APR_SUCCESS, s,
    540540                     "created OCSP request for %s:%d: %s",
    541541                     s->server_hostname, s->addrs->host_port,
    542542                     apr_pescape_hex(tmp, req.data, req.size, 0));
     543    }
     544    else
     545    {
    543546        gnutls_free(req.data);
     547        apr_pool_destroy(tmp);
     548        return APR_EGENERAL;
    544549    }
    545550
    546551    gnutls_datum_t resp;
    547552    rv = do_ocsp_request(tmp, s, &req, &resp);
     553    gnutls_free(req.data);
    548554    if (rv != APR_SUCCESS)
    549555    {
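Review bot: The new else branch at lines 544-548 returns APR_EGENERAL without logging ret, so in the lines shown a failed OCSP request creation leaves no trace in the error log; consider an ap_log_error() call there that includes gnutls_strerror(ret). The switch of the success message from APLOG_DEBUG to APLOG_TRACE2 at line 539 is not mentioned in the commit message and would be better noted there or split into its own commit. Moving gnutls_free(req.data) to line 553, after do_ocsp_request() and before the rv check, looks right since it releases the request on both the success and the error path.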