authortb <>2022-02-08 19:13:50 +0000
committertb <>2022-02-08 19:13:50 +0000
commit652dcc4768178318a02265fe5fe2c2c80a9b3de2 (patch)
tree8e373aa564f59460e35d02edb63ace802e6be461 /src/lib/libtls
parent336d1a9a94803e1cb6ae5d6c6ed8266c168ccf16 (diff)
Plug a long standing leak in libtls CRL handling
X509_STORE_add_crl() does not take ownership of the CRL; it takes its own reference by bumping the refcount. The X509_INFO stack therefore still owns the CRL, so nulling out xi->crl in the stack entry means the stack's reference is never released and the CRL leaks. Issue reported by KS Sreeram, thanks! ok jsing
Diffstat (limited to 'src/lib/libtls')
-rw-r--r--src/lib/libtls/tls.c3
1 files changed, 1 insertions, 2 deletions
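diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index fd525aa428..ff33ebe53e 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */
+/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -647,7 +647,6 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 tls_set_error(ctx, "failed to add crl");
 goto err;
 }
-xi->crl = NULL;
 }
 X509_STORE_set_flags(store,
 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);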
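Review bot: The loop now depends on the X509_INFO stack staying the sole owner of xi->crl while the store holds its own reference, but nothing in the code states that contract, which is exactly how the removed `xi->crl = NULL` crept in and went unnoticed; a one-line comment next to the X509_STORE_add_crl() call would keep it from being reintroduced: `/* X509_STORE_add_crl() takes its own reference; the X509_INFO stack still owns xi->crl and frees it. */`. The X509_STORE_add_crl() call and the loop header sit above the hunk, as does the rest of tls_configure_ssl_verify, so the freeing of the stack on both the success path and the err path is not visible here and should be confirmed to cover both. If the same loop adds xi->x509 via X509_STORE_add_cert(), which has the same reference semantics, it is worth checking that the certificate path does not carry the same nulling pattern.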