Hi,

Mod_ssl uses free() inappropriately in several places, to free memory which
has been previously allocated inside OpenSSL. Such memory should be freed
with OPENSSL_free(), not with free().

There is usually no difference, but when allocation debugging is turned on
in OpenSSL, or another allocator is used for some reason (OpenSSL has an
option to do that), using free() can cause problems ranging from harder
debugging to actually causing bugs.

Note that most wrong free() calls (labeled free(cp*) below) are done for
debugging printouts. But these are nevertheless potentially-serious
oversights because that code *always* gets executed (a waste of its own,
but that's another issue), not only when debugging (TRACE) logging is enabled.

Wrong uses of free: (in mod_ssl-2.8.11-1.3.27)

ssl_engine_ext.c:       4 calls to free(cp*) after X509_NAME_oneline().
ssl_engine_kernel.c:    7 calls to free(cp*) after X509_NAME_oneline().
ssl_engine_vars.c:      2 calls to free(cp*) after X509_NAME_oneline().
ssl_util_ssl.c:         1 call to free() after BN_bn2dec()

I suggest that all these places should call OPENSSL_free() instead of free.

Thanks,
        Nadav.

-- 
Nadav Har'El                        |  Wednesday, Oct 23 2002, 18 Heshvan 5763
[EMAIL PROTECTED]             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |A smart man always covers his ass. A wise
http://nadav.harel.org.il           |man just keeps his pants on.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
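
The following C sketch is an added illustration of the allocator mismatch reported above; it is not code from the original message, mod_ssl or OpenSSL. The names lib_malloc, lib_free, name_oneline and the dbg_hdr layout are hypothetical stand-ins for an OpenSSL build with allocation debugging, for OPENSSL_free() and for X509_NAME_oneline().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical debugging allocator: a bookkeeping header precedes each buffer. */
typedef struct { size_t size; } dbg_hdr;
static size_t live_blocks;      /* what the library believes is still allocated */
static void *last_raw;          /* address malloc() really returned */

static void *lib_malloc(size_t n) {
    dbg_hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n; live_blocks++; last_raw = h;
    return h + 1;               /* caller never sees malloc()'s own pointer */
}

static void lib_free(void *p) { /* plays the role of OPENSSL_free() */
    if (!p) return;
    live_blocks--;
    free((dbg_hdr *)p - 1);     /* step back to the real block first */
}

/* Stand-in for X509_NAME_oneline(name, NULL, 0): returns a library-owned buffer. */
static char *name_oneline(const char *cn) {
    size_t n = strlen("/CN=") + strlen(cn) + 1;
    char *buf = lib_malloc(n);
    if (buf) snprintf(buf, n, "/CN=%s", cn);
    return buf;
}

/* Non-zero result: free(cp) would get an address malloc() never issued (UB). */
static size_t offset_from_heap_block(void) {
    char *cp = name_oneline("probe");
    size_t off = cp ? (size_t)(cp - (char *)last_raw) : 0;
    lib_free(cp);
    return off;
}

/* Correct pattern: release through the allocator that produced the buffer. */
static size_t log_subject(const char *cn) {
    char *cp = name_oneline(cn);
    if (cp) fprintf(stderr, "subject: %s\n", cp);
    lib_free(cp);
    return live_blocks;         /* 0 when nothing is left outstanding */
}
int main(void) {
    printf("offset=%zu live=%zu\n", offset_from_heap_block(), log_subject("www.example.com"));
    return 0;
}
```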
