From aeb2bd0fe640ecf90df48840fca79007b4895bbf Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Fri, 23 Oct 2015 01:25:39 -0500 Subject: [PATCH] Fix memory leak when deleting a KSSLCertificate that holds a CRL (cherry picked from commit 9bf244dd97e89bf47dd70fe47a4f00a3f372f875) --- tdeio/kssl/kopenssl.cc | 7 +++++++ tdeio/kssl/kopenssl.h | 5 +++++ tdeio/kssl/ksslcertificate.cc | 6 +++++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/tdeio/kssl/kopenssl.cc b/tdeio/kssl/kopenssl.cc index bc89a420a..d4f086d8e 100644 --- a/tdeio/kssl/kopenssl.cc +++ b/tdeio/kssl/kopenssl.cc @@ -80,6 +80,7 @@ static X509_STORE_CTX *(*K_X509_STORE_CTX_new) (void) = 0L; static void (*K_X509_STORE_free) (X509_STORE *) = 0L; static X509_STORE *(*K_X509_STORE_new) (void) = 0L; static void (*K_X509_free) (X509 *) = 0L; +static void (*K_X509_CRL_free) (X509_CRL *) = 0L; static char *(*K_X509_NAME_oneline) (X509_NAME *,char *,int) = 0L; static X509_NAME *(*K_X509_get_subject_name) (X509 *) = 0L; static X509_NAME *(*K_X509_get_issuer_name) (X509 *) = 0L; @@ -396,6 +397,7 @@ TDEConfig *cfg; if (_cryptoLib) { #ifdef KSSL_HAVE_SSL K_X509_free = (void (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_free"); + K_X509_CRL_free = (void (*) (X509_CRL *)) GET_CRYPTOLIB_SYMBOL("X509_CRL_free"); K_RAND_egd = (int (*)(const char *)) GET_CRYPTOLIB_SYMBOL("RAND_egd"); K_RAND_load_file = (int (*)(const char *, long)) GET_CRYPTOLIB_SYMBOL("RAND_load_file"); K_RAND_file_name = (const char* (*)(char *, size_t)) GET_CRYPTOLIB_SYMBOL("RAND_file_name"); @@ -899,6 +901,11 @@ void KOpenSSLProxy::X509_free(X509 *a) { } +void KOpenSSLProxy::X509_CRL_free(X509_CRL *a) { + if (K_X509_CRL_free) (K_X509_CRL_free)(a); +} + + char *KOpenSSLProxy::X509_NAME_oneline(X509_NAME *a,char *buf,int size) { if (K_X509_NAME_oneline) return (K_X509_NAME_oneline)(a,buf,size); return 0L; diff --git a/tdeio/kssl/kopenssl.h b/tdeio/kssl/kopenssl.h index 9d0537051..6185821a4 100644 --- a/tdeio/kssl/kopenssl.h +++ b/tdeio/kssl/kopenssl.h @@ -360,6 +360,11 @@ public: */ void X509_free(X509 *v); + /* + * X509_CRL_free - free up an X509 CRL + */ + void X509_CRL_free(X509_CRL *v); + /* * X509_NAME_oneline - return the X509 data in a string diff --git a/tdeio/kssl/ksslcertificate.cc b/tdeio/kssl/ksslcertificate.cc index 95e0866ca..e94681800 100644 --- a/tdeio/kssl/ksslcertificate.cc +++ b/tdeio/kssl/ksslcertificate.cc @@ -118,8 +118,12 @@ KSSLCertificate::KSSLCertificate(const KSSLCertificate& x) { KSSLCertificate::~KSSLCertificate() { #ifdef KSSL_HAVE_SSL - if (d->m_cert) + if (d->m_cert) { d->kossl->X509_free(d->m_cert); + } + if (d->m_cert_crl) { + d->kossl->X509_CRL_free(d->m_cert_crl); + } #endif delete d; }