Changeset 82745d1 in mod_gnutls

Timestamp:

Jun 14, 2016, 3:38:18 PM (3 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, master, upstream

Children:

894efd0

Parents:

16ad0eb

Message:

Fix memory usage issues

• Use-after-free of the OCSP request in mgs_cache_ocsp_response()

• Missing error return in mgs_cache_ocsp_response() if request creation fails

• Initialize fplen in mgs_get_cert_fingerprint() before requesting the fingerprint length. Valgrind indicates that the control flow of gnutls_x509_crt_get_fingerprint() depends on it.

File:

• src/gnutls_ocsp.c (modified) (2 diffs)

src/gnutls_ocsp.c

@@ -339 +339 @@
 {
     gnutls_datum_t fingerprint = {NULL, 0};
-    size_t fplen;
+    size_t fplen = 0;
     gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, NULL, &fplen);
     unsigned char * fp = apr_palloc(p, fplen);
@@ -537 +537 @@
     if (ret == GNUTLS_E_SUCCESS)
     {
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, s,
+        ap_log_error(APLOG_MARK, APLOG_TRACE2, APR_SUCCESS, s,
                      "created OCSP request for %s:%d: %s",
                      s->server_hostname, s->addrs->host_port,
                      apr_pescape_hex(tmp, req.data, req.size, 0));
+    }
+    else
+    {
         gnutls_free(req.data);
+        apr_pool_destroy(tmp);
+        return APR_EGENERAL;
     }
 
     gnutls_datum_t resp;
     rv = do_ocsp_request(tmp, s, &req, &resp);
+    gnutls_free(req.data);
     if (rv != APR_SUCCESS)
     {