diff options
| author | Davi Arnaut <Davi.Arnaut@Sun.COM> | 2009-05-25 10:00:18 -0300 |
|---|---|---|
| committer | Davi Arnaut <Davi.Arnaut@Sun.COM> | 2009-05-25 10:00:18 -0300 |
| commit | 7c4eb8c0d17fc68da2ab58ee3ace88ea38e48515 (patch) | |
| tree | 313e142b0d73e2db6283108c35e6937edefa7fdb /sql/sql_acl.cc | |
| parent | 73481404656a954b314398f26ee7b4e3aec14282 (diff) | |
| download | mariadb-git-7c4eb8c0d17fc68da2ab58ee3ace88ea38e48515.tar.gz | |
Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free()
The problem is that the server failed to follow the rule that
every X509 object retrieved using SSL_get_peer_certificate()
must be explicitly freed by X509_free(). This caused a memory
leak for builds linked against OpenSSL where the X509 object
is reference counted -- improper counting will prevent the
object from being destroyed once the session containing the
peer certificate is freed.
The solution is to explicitly free every X509 object used.
mysql-test/r/openssl_1.result:
Add test case result for Bug#42158
mysql-test/t/openssl_1.test:
Add test case for Bug#42158
sql/sql_acl.cc:
Deallocate X509 objects.
Diffstat (limited to 'sql/sql_acl.cc')
| -rw-r--r-- | sql/sql_acl.cc | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index b1dbb7031ce..4d4e4d24684 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -936,6 +936,7 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, #ifdef HAVE_OPENSSL Vio *vio=thd->net.vio; SSL *ssl= (SSL*) vio->ssl_arg; + X509 *cert; #endif /* @@ -964,8 +965,11 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, */ if (vio_type(vio) == VIO_TYPE_SSL && SSL_get_verify_result(ssl) == X509_V_OK && - SSL_get_peer_certificate(ssl)) + (cert= SSL_get_peer_certificate(ssl))) + { user_access= acl_user->access; + X509_free(cert); + } break; case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */ /* @@ -974,7 +978,6 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, If cipher name is specified, we compare it to actual cipher in use. */ - X509 *cert; if (vio_type(vio) != VIO_TYPE_SSL || SSL_get_verify_result(ssl) != X509_V_OK) break; @@ -1014,6 +1017,7 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, sql_print_information("X509 issuer mismatch: should be '%s' " "but is '%s'", acl_user->x509_issuer, ptr); free(ptr); + X509_free(cert); user_access=NO_ACCESS; break; } @@ -1033,12 +1037,15 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, sql_print_information("X509 subject mismatch: should be '%s' but is '%s'", acl_user->x509_subject, ptr); free(ptr); + X509_free(cert); user_access=NO_ACCESS; break; } user_access= acl_user->access; free(ptr); } + /* Deallocate the X509 certificate. */ + X509_free(cert); break; #else /* HAVE_OPENSSL */ default: |