author | tb <> | 2022-02-08 19:13:50 +0000 |
---|---|---|
committer | tb <> | 2022-02-08 19:13:50 +0000 |
commit | 652dcc4768178318a02265fe5fe2c2c80a9b3de2 (patch) | |
tree | 8e373aa564f59460e35d02edb63ace802e6be461 | |
parent | 336d1a9a94803e1cb6ae5d6c6ed8266c168ccf16 (diff) | |
Plug a long standing leak in libtls CRL handling
X509_STORE_add_crl() does not take ownership of the CRL; it bumps its
refcount. So nulling out the CRL from the stack will leak it.
Issue reported by KS Sreeram, thanks!
ok jsing
-rw-r--r-- | src/lib/libtls/tls.c | 3 |
1 files changed, 1 insertions, 2 deletions
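--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */
+/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -647,7 +647,6 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 			tls_set_error(ctx, "failed to add crl");
 			goto err;
 		}
-		xi->crl = NULL;
 	}
 	X509_STORE_set_flags(store,
 	    X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);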
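Review bot: The corrected ownership now rests on the X509_INFO stack still holding the CRL and being freed by the caller after the loop, which this hunk does not show, so a comment at the X509_STORE_add_crl() call would pin the contract for the next reader, e.g. `/* X509_STORE_add_crl() takes its own reference; the CRL stays owned by the xi entry and is released with the stack. */`. Without it, the removed `xi->crl = NULL;` looks like a plausible line to reintroduce, which would bring the leak back. The same refcount semantics apply to X509_STORE_add_cert(), so any sibling loop that nulls out xi->x509 after adding a cert deserves the same check, though none is visible here. tls_configure_ssl_verify() starts and ends outside the hunk, so the stack's pop_free and the err: cleanup cannot be confirmed from this view.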