[Bug 69117] New: ssl_init_ctx_verify: memory associated with ca_list leaked in standard return paths

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=69117

            Bug ID: 69117
           Summary: ssl_init_ctx_verify: memory associated with ca_list
                    leaked in standard return paths
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: yaneurab...@gmail.com
  Target Milestone: ---

The `ssl_init_FindCAList` function is used in `ssl_init_ctx_verify` to find CAs
in a bundle.

`ssl_init_FindCAList` allocates temporary memory on line 2353 [1], which it
returns to the caller in line 2383 [2].

This memory is freed in an early return path on line 2379 [3], but it is not
cleaned up in the caller. This can result in leaked memory if cleanup routines
aren't called after the fact anywhere in the httpd code [4]. httpd relies on
the OpenSSL memory allocator to clean up the memory at process exit/or on
demand.

Seen on 2.4.x and trunk.

Reported by Coverity.

1.
https://github.com/apache/httpd/blob/71202d890a49eba195c46c4348cdc61d776b103c/modules/ssl/ssl_engine_init.c#L2353
2.
https://github.com/apache/httpd/blob/71202d890a49eba195c46c4348cdc61d776b103c/modules/ssl/ssl_engine_init.c#L2373
3.
https://github.com/apache/httpd/blob/71202d890a49eba195c46c4348cdc61d776b103c/modules/ssl/ssl_engine_init.c#L2379
4.
https://github.com/search?q=repo%3Aapache%2Fhttpd%20sk_X509_NAME_pop_free&type=code

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org