diff options
| author | tb <> | 2022-02-08 19:13:50 +0000 |
|---|---|---|
| committer | tb <> | 2022-02-08 19:13:50 +0000 |
| commit | 652dcc4768178318a02265fe5fe2c2c80a9b3de2 (patch) | |
| tree | 8e373aa564f59460e35d02edb63ace802e6be461 /src/lib/libtls | |
| parent | 336d1a9a94803e1cb6ae5d6c6ed8266c168ccf16 (diff) | |
| download | openbsd-652dcc4768178318a02265fe5fe2c2c80a9b3de2.tar.gz openbsd-652dcc4768178318a02265fe5fe2c2c80a9b3de2.tar.bz2 openbsd-652dcc4768178318a02265fe5fe2c2c80a9b3de2.zip | |
Plug a long standing leak in libtls CRL handling
X509_STORE_add_crl() does not take ownership of the CRL, it bumps its
refcount. So nulling out the CRL from the stack will leak it.
Issue reported by KS Sreeram, thanks!
ok jsing
Diffstat (limited to 'src/lib/libtls')
| -rw-r--r-- | src/lib/libtls/tls.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index fd525aa428..ff33ebe53e 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */ | 1 | /* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -647,7 +647,6 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify) | |||
| 647 | tls_set_error(ctx, "failed to add crl"); | 647 | tls_set_error(ctx, "failed to add crl"); |
| 648 | goto err; | 648 | goto err; |
| 649 | } | 649 | } |
| 650 | xi->crl = NULL; | ||
| 651 | } | 650 | } |
| 652 | X509_STORE_set_flags(store, | 651 | X509_STORE_set_flags(store, |
| 653 | X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); | 652 | X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); |