https://bugs.openldap.org/show_bug.cgi?id=9696

          Issue ID: 9696
           Summary: OpenSSL implementation of LDAP_OPT_X_TLS_PEERCERT
                    leaks memory
           Product: OpenLDAP
           Version: 2.4.57
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: libraries
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

The OpenSSL implementation of ldap_get_option() LDAP_OPT_X_TLS_PEERCERT leaks
memory. The internal function tlso_session_peercert() uses
SSL_get_peer_certificate() to access the server certificate.
SSL_get_peer_certificate() increases the reference counter of the peer cert by
one. The code is missing an X509_free() call to decref the internal reference
counter by one.

I also recommend that you check the return value of SSL_get_peer_certificate()
for NULL. There are cases when a TLS session does not have access to a peer
certificate, e.g. session resumption.

Valgrind log:

==586962== 16,044 (1,056 direct, 14,988 indirect) bytes in 3 blocks are
definitely lost in loss record 6,355 of 6,374
==586962==    at 0x484086F: malloc (vg_replace_malloc.c:380)
==586962==    by 0x16981A4D: CRYPTO_zalloc (mem.c:230)
==586962==    by 0x168CC823: asn1_item_embed_new (tasn_new.c:122)
==586962==    by 0x168CE12A: asn1_item_embed_d2i (tasn_dec.c:325)
==586962==    by 0x168CE341: ASN1_item_ex_d2i (tasn_dec.c:124)
==586962==    by 0x168CE3CE: ASN1_item_d2i (tasn_dec.c:114)
==586962==    by 0x1744B7CC: tls_process_server_certificate (statem_clnt.c:1853)

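Added example, not code from OpenLDAP or OpenSSL, showing the ownership rule behind the report: a getter that bumps a reference count hands the caller an owned reference that must be released on every path, and it may return NULL. The x509_t, tls_session_t and der_buf_t types, the get_peer_certificate()/x509_free() functions, live_objects and the sample DER bytes are stand-ins constructed for this example to mirror the SSL_get_peer_certificate()/X509_free() contract, so the leak is observable without a TLS session or libcrypto.

```c
/* Added example, not code from OpenLDAP or OpenSSL. The types, the
 * get_peer_certificate()/x509_free() stand-ins, live_objects and the sample
 * DER bytes are constructed here to mirror the SSL_get_peer_certificate() /
 * X509_free() contract, so the leak is observable without a TLS session. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    int refcount;
    unsigned char der[16];  /* DER bytes, what i2d_X509() would emit */
    size_t der_len;
} x509_t;

typedef struct {
    x509_t *peer;           /* NULL when the session has no peer cert */
} tls_session_t;

typedef struct {            /* berval-like, caller-owned copy of the DER */
    unsigned char *bv_val;
    size_t bv_len;
} der_buf_t;

static int live_objects = 0;    /* x509_t objects still allocated */
/* Constructed placeholder DER (a bare SEQUENCE), not a real certificate. */
static const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };

static x509_t *x509_new(const unsigned char *der, size_t len)
{
    x509_t *x = calloc(1, sizeof *x);
    if (!x || len > sizeof x->der) { free(x); return NULL; }
    memcpy(x->der, der, len);
    x->der_len = len;
    x->refcount = 1;
    live_objects++;
    return x;
}

/* Same contract as X509_free(): decrement, free at zero, NULL is a no-op. */
static void x509_free(x509_t *x)
{
    if (!x || --x->refcount > 0) return;
    free(x);
    live_objects--;
}

/* Same contract as SSL_get_peer_certificate(): NULL if no peer cert,
 * otherwise one extra reference that the caller now owns. */
static x509_t *get_peer_certificate(tls_session_t *s)
{
    if (s->peer) s->peer->refcount++;
    return s->peer;
}

/* Copy the DER into a fresh caller-owned buffer, as i2d_X509() would. */
static int copy_der(const x509_t *x, der_buf_t *out)
{
    out->bv_val = malloc(x->der_len);
    if (!out->bv_val) return -1;
    memcpy(out->bv_val, x->der, x->der_len);
    out->bv_len = x->der_len;
    return 0;
}

/* The pattern the report describes: the owned reference is never released,
 * and a NULL return would be dereferenced. */
static int peercert_leaky(tls_session_t *s, der_buf_t *out)
{
    x509_t *x = get_peer_certificate(s);
    return copy_der(x, out);            /* no x509_free(x) */
}

/* Corrected pattern: check for NULL, drop the reference on every path. */
static int peercert_fixed(tls_session_t *s, der_buf_t *out)
{
    x509_t *x = get_peer_certificate(s);
    if (!x) return -1;                  /* e.g. resumed session, no cert */
    int rc = copy_der(x, out);
    x509_free(x);
    return rc;
}

/* Peer cert refcount right after fn ran on a one-cert session: 1 is
 * balanced, 2 means the getter's reference was kept. -1 on error. */
static int refcount_after(int (*fn)(tls_session_t *, der_buf_t *))
{
    tls_session_t s = { x509_new(sample_der, sizeof sample_der) };
    der_buf_t out = { NULL, 0 };
    if (!s.peer || fn(&s, &out) != 0) return -1;
    int rc = s.peer->refcount;
    free(out.bv_val);
    x509_free(s.peer);                  /* the session's own reference */
    return rc;
}

/* 1 if the fixed path refuses a session without a peer cert. */
static int fixed_rejects_missing_cert(void)
{
    tls_session_t s = { NULL };
    der_buf_t out = { NULL, 0 };
    return peercert_fixed(&s, &out) == -1 && out.bv_val == NULL;
}
```

refcount_after(peercert_fixed) returns 1 and live_objects goes back to 0 once the session releases its own reference; refcount_after(peercert_leaky) returns 2 and the object stays allocated with no owner, which is the state the valgrind record above reports. Against real libssl the same shape applies: check the return of SSL_get_peer_certificate() for NULL, copy out what is needed with i2d_X509(), then X509_free() the certificate before returning.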