X509_get_pub_key - yet another memory leak in mod_ssl
on 27.10.2002 11:35:12 by rl
Hi,
In our constant search for memory leaks in the last two weeks, I found another
memory leak in mod_ssl, this time in ssl_callback_SSLVerify_CRL (file
ssl_engine_kernel.c). This function, among other things, verifies the signature
on the CRL. To do that, it invokes X509_get_pub_key on the certificate, and
uses the return value to call X509_CRL_verify. However, it neglects to free the
public key. There is no manual page for X509_get_pub_key (at least not one I
could find), but a quick grep on openssl sources reveals the fact that each
invocation of X509_get_pub_key is *always* followed by an invocation of
EVP_PKEY_FREE on the returned object. However, in mod_ssl, the object is not
freed. I would like to mention that now that I am writing this e-mail, I
grepped the mod_ssl sources, and found two more invocations of
X509_get_pub_key, again without free. One is in the function
ssl_init_ConfigureServer, in ssl_engine_init.c, when the code "optionally
copies DSA parameters for certificate from private key", and the other is in the
function ssl_util_algotypeof, in ssl_util.c. I think this leak (multiplied by 3)
requires your attention.
Best,
Zvi.
--
Dr. Zvi Har'El mailto:rl@math.technion.ac.il Department of Mathematics
tel:+972-54-227607 Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/ Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
Sunday, 21 Heshvan 5763, 27 October 2002, 12:18PM
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
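The grep-based audit described in the message above can be automated per function. The following is an added example, not part of the original e-mail or of mod_ssl: a heuristic scanner that flags C functions calling OpenSSL's `X509_get_pubkey` more often than `EVP_PKEY_free` (the identifiers as spelled in the OpenSSL headers). The helper names, the brace-matching approach and the sample C source are assumptions made for illustration.

```python
import re

GET = re.compile(r"\bX509_get_pubkey\s*\(")
FREE = re.compile(r"\bEVP_PKEY_free\s*\(")
# Comments and string/char literals may hold braces or call-like text: blank them.
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"' r"|'(?:\\.|[^'\\\n])*'", re.S)
HEADER = re.compile(r"(\w+)\s*\([^;{}]*\)\s*$")  # 'name(args)' right before '{'

def function_bodies(source):
    """Yield (name, body) per top-level function; brace matching, not a C parser."""
    text = NOISE.sub(" ", source)
    depth, start, head_from, name = 0, 0, 0, None
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                m = HEADER.search(text[head_from:i])
                name, start = (m.group(1) if m else None), i + 1
            depth += 1
        elif ch == "}" and depth > 0:
            depth -= 1
            if depth == 0:
                if name:
                    yield name, text[start:i]
                head_from = i + 1

def unbalanced_pubkey_users(source):
    """Return [(function, gets, frees)] for functions with more gets than frees."""
    report = []
    for name, body in function_bodies(source):
        gets, frees = len(GET.findall(body)), len(FREE.findall(body))
        if gets > frees:
            report.append((name, gets, frees))
    return report

# Constructed sample input (hypothetical functions, not mod_ssl code).
SAMPLE = r"""
static int check_leaky(X509 *cert, X509_CRL *crl) {
    EVP_PKEY *k = X509_get_pubkey(cert);
    return X509_CRL_verify(crl, k);        /* TODO: EVP_PKEY_free(k) */
}
static int check_fixed(X509 *cert, X509_CRL *crl) {
    EVP_PKEY *k = X509_get_pubkey(cert);
    int rc = X509_CRL_verify(crl, k);
    if (k != NULL) { EVP_PKEY_free(k); }
    return rc;
}
"""

if __name__ == "__main__":
    print(unbalanced_pubkey_users(SAMPLE))
```

The count is a triage aid only: a key released through a wrapper or on only some return paths still needs manual review.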