aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-05-08 18:08:53 (GMT)
committerJouni Malinen <j@w1.fi>2019-05-08 18:08:53 (GMT)
commite3b39e62c2ded588943190c941084e4a08701bdf (patch)
tree6e5538fe5cabd76f08dd7476bcf6caa524442306
parent6602d9e3a6fa113cfbc6dd384ab11519c071b9f8 (diff)
downloadhostap-e3b39e62c2ded588943190c941084e4a08701bdf.zip
hostap-e3b39e62c2ded588943190c941084e4a08701bdf.tar.gz
hostap-e3b39e62c2ded588943190c941084e4a08701bdf.tar.bz2
OpenSSL: Fix a memory leak in OCSP handling
If OCSP_resp_find_status() fails with the first OCSP_CERTID, the generation of the second OCSP_CERTID ended up leaking memory. Fix this by freeing the previously allocated OCSP_CERTID on that code path. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--src/crypto/tls_openssl.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index e5a0259..bf24074 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4666,6 +4666,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
res = OCSP_resp_find_status(basic, id, &status, &reason, &produced_at,
&this_update, &next_update);
if (!res) {
+ OCSP_CERTID_free(id);
id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer);
if (!id) {
wpa_printf(MSG_DEBUG,