https://bz.apache.org/bugzilla/show_bug.cgi?id=69115

            Bug ID: 69115
           Summary: ssl_hook_Access_classic: cipher_list_old leaked in
                    early select return paths
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

cipher_list_old is duplicated on the heap in ssl_hook_Access_classic using
sk_SSL_CIPHER_dup and is subsequently freed and re-duped multiple times
throughout the function.

There is a hypothetical scenario where if memory is reallocated on line 606 [1]
and the early return path is taken on line 619 [2], this can result in the memory
allocated by sk_SSL_CIPHER_dup slowly leaking over time.

Similar cleanup logic needs to be applied to the early return, much like on
lines 628-630 [3].

This issue exists on both trunk and the 2.4 development branches.

This issue was reported by Coverity.

[1] https://github.com/apache/httpd/blob/71202d890a49eba195c46c4348cdc61d776b103c/modules/ssl/ssl_engine_kernel.c#L606
[2] https://github.com/apache/httpd/blob/71202d890a49eba195c46c4348cdc61d776b103c/modules/ssl/ssl_engine_kernel.c#L619
[3] https://github.com/apache/httpd/blob/71202d890a49eba195c46c4348cdc61d776b103c/modules/ssl/ssl_engine_kernel.c#L628-L630

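The leak pattern the report describes, reduced to a stand-alone C model (an added example, not httpd's code). `stack_dup` and `stack_free` stand in for `sk_SSL_CIPHER_dup` and `sk_SSL_CIPHER_free`; the function names, the integer IDs and the `-1` return value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_stacks = 0;  /* copies not yet freed */
static int *stack_dup(const int *ids, size_t n) {  /* stand-in for sk_SSL_CIPHER_dup */
    int *copy = malloc(n * sizeof *copy);
    if (!copy) return NULL;
    memcpy(copy, ids, n * sizeof *copy);
    live_stacks++;
    return copy;
}
static void stack_free(int *s) { if (s) { free(s); live_stacks--; } }  /* ..._free */

/* Leaky shape: after the re-dup, an early return skips the free. */
static int access_check_leaky(const int *cur, size_t n, int fail_early) {
    int *old = stack_dup(cur, n);
    stack_free(old);
    old = stack_dup(cur, n);          /* re-dup */
    if (fail_early) return -1;        /* 'old' is still allocated here */
    stack_free(old);
    return 0;
}

/* Fixed shape: every exit after the re-dup passes through one cleanup label. */
static int access_check_fixed(const int *cur, size_t n, int fail_early) {
    int rc = -1;
    int *old = stack_dup(cur, n);
    stack_free(old);
    old = stack_dup(cur, n);
    if (fail_early) goto cleanup;
    rc = 0;
cleanup:
    stack_free(old);
    return rc;
}

/* Copies still allocated after `rounds` requests that all take the early exit. */
static int leaked_after(int (*fn)(const int *, size_t, int), int rounds) {
    const int ids[] = {0x1301, 0x1302, 0x1303};   /* constructed sample IDs */
    int before = live_stacks;
    for (int i = 0; i < rounds; i++) fn(ids, 3, 1);
    return live_stacks - before;
}

int main(void) {
    printf("leaky: %d copies outstanding, fixed: %d\n",
           leaked_after(access_check_leaky, 100), leaked_after(access_check_fixed, 100));
    return 0;
}
```

Building the block with a leak checker (for example `-fsanitize=address` or valgrind) reports the copies left behind by the leaky variant.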