authorSara Golemon <sara.golemon@mongodb.com>2020-02-14 16:58:01 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-02-15 03:50:40 +0000
commit24b02a2342f59e9f6f3d5ad775252d48a2731d7b (patch)
tree1eee0809b681fe047573f38daf8fb7bd6a1e5783
parenta0e45571da2175ac30c715b20c1d630ef4b1d0e1 (diff)
SERVER-46174 Free peer certificate in SSL_get0_verified_chain polyfill
(cherry picked from commit 98042804dff69afac74a7e2681efc0d00d207f2c)
-rw-r--r--src/mongo/util/net/ssl_manager.cpp13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 3ad394a05f1..e28a1355ebb 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -291,13 +291,22 @@ struct VerifiedChainDeleter {
}
};
+struct UniqueX509Deleter {
+ void operator()(X509* cert) {
+ if (cert) {
+ X509_free(cert);
+ }
+ }
+};
+using UniqueX509 = std::unique_ptr<X509, UniqueX509Deleter>;
+
STACK_OF(X509) * SSL_get0_verified_chain(SSL* s) {
auto* store = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s));
- auto* peer = SSL_get_peer_certificate(s);
+ UniqueX509 peer(SSL_get_peer_certificate(s));
auto* peerChain = SSL_get_peer_cert_chain(s);
UniqueX509StoreCtx ctx(X509_STORE_CTX_new());
- if (!X509_STORE_CTX_init(ctx.get(), store, peer, peerChain)) {
+ if (!X509_STORE_CTX_init(ctx.get(), store, peer.get(), peerChain)) {
return nullptr;
}