[Bug 64264] New: Potential memory leak: forget to free the return value of OpenSSL API 'SSL_get_peer_certificate'

bugzilla Wed, 25 Mar 2020 03:13:35 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=64264


            Bug ID: 64264
           Summary: Potential memory leak: forget to free the return value
                    of OpenSSL API 'SSL_get_peer_certificate'
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

This issue is caused by OpenSSL API 'SSL_get_peer_certificate' in
modules/ssl/ssl_engine_vars.c:107:
   x = SSL_get_peer_certificate(sslconn->ssl);

According to OpenSSL API document:
"SSL_get_peer_certificate() returns a pointer to the X509 certificate the peer
presented.
The X509 object must be explicitly freed using X509_free()."

So 'x' should be freed by 'X509_free(x)' to avoid a memory leak.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 64264] New: Potential memory leak: forget to free the return value of OpenSSL API 'SSL_get_peer_certificate'

Reply via email to