Bug 64264

Summary: Potential memory leak: forget to free the return value of OpenSSL API 'SSL_get_peer_certificate'
Product: Apache httpd-2 Reporter: summerlinasity
Component: mod_sslAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 2.5-HEAD   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description summerlinasity 2020-03-25 10:12:56 UTC 
This issue is caused by OpenSSL API 'SSL_get_peer_certificate' in modules/ssl/ssl_engine_vars.c:107:
   x = SSL_get_peer_certificate(sslconn->ssl);

According to OpenSSL API document:
"SSL_get_peer_certificate() returns a pointer to the X509 certificate the peer presented.
The X509 object must be explicitly freed using X509_free()."

So 'x' should be freed by 'X509_free(x)' to avoid a memory leak.
Comment 1 Joe Orton 2020-03-25 15:13:45 UTC 
Nice catch, do you have some tool to check for this or manual review?

Fixed in r1875647.
Comment 2 summerlinasity 2020-03-26 02:56:42 UTC 
Thank you for your quick reply. We are working on an automatic tool to do that work, and we will release it later.
Comment 3 summerlinasity 2020-08-22 10:56:51 UTC 
We found another similar bug in support/ab.c:728, please check it.
Comment 4 Joe Orton 2023-07-07 11:03:06 UTC 
Thanks again, fixed that one in r1910847.