authorSara Golemon <sara.golemon@mongodb.com>2020-02-14 16:58:01 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-02-15 04:04:12 +0000
commit94940ab14441d88d95a22b537d6d84d78fc0910d (patch)
tree3c4dbf52f174c97b9069f6943c5196b660744df5
parentf75e109e3dba2164b6a7a5b16c87f4552f4a7fb5 (diff)
downloadmongo-94940ab14441d88d95a22b537d6d84d78fc0910d.tar.gz
SERVER-46174 Free peer certificate in SSL_get0_verified_chain polyfill
(cherry picked from commit 98042804dff69afac74a7e2681efc0d00d207f2c)
-rw-r--r--src/mongo/util/net/ssl_manager_openssl.cpp21
1 files changed, 11 insertions, 10 deletions
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index 99320199a4f..67913363c6b 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -88,6 +88,15 @@ struct UniqueX509StoreCtxDeleter {
};
using UniqueX509StoreCtx = std::unique_ptr<X509_STORE_CTX, UniqueX509StoreCtxDeleter>;
+struct UniqueX509Deleter {
+ void operator()(X509* cert) {
+ if (cert) {
+ X509_free(cert);
+ }
+ }
+};
+using UniqueX509 = std::unique_ptr<X509, UniqueX509Deleter>;
+
// Because the hostname having a slash is used by `mongo::SockAddr` to determine if a hostname is a
// Unix Domain Socket endpoint, this function uses the same logic. (See
// `mongo::SockAddr::Sockaddr(StringData, int, sa_family_t)`). A user explicitly specifying a Unix
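Review bot: The null check inside the added `UniqueX509Deleter::operator()` is redundant: `std::unique_ptr` only invokes its deleter when the stored pointer is non-null, and `X509_free` itself accepts a null pointer as a no-op. The `UniqueX509Free` deleter this struct replaces (removed in the last hunk of this file) declared its `operator()` `const`, and the new one drops that qualifier. A one-line body keeps the same behaviour and restores the qualifier: `void operator()(X509* cert) const { X509_free(cert); }`.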
@@ -208,11 +217,11 @@ struct VerifiedChainDeleter {
STACK_OF(X509) * SSL_get0_verified_chain(SSL* s) {
auto* store = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s));
- auto* peer = SSL_get_peer_certificate(s);
+ UniqueX509 peer(SSL_get_peer_certificate(s));
auto* peerChain = SSL_get_peer_cert_chain(s);
UniqueX509StoreCtx ctx(X509_STORE_CTX_new());
- if (!X509_STORE_CTX_init(ctx.get(), store, peer, peerChain)) {
+ if (!X509_STORE_CTX_init(ctx.get(), store, peer.get(), peerChain)) {
return nullptr;
}
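Review bot: `SSL_get_peer_certificate` returns null when the peer presented no certificate, and the changed `X509_STORE_CTX_init` line now passes `peer.get()` straight through as the leaf in that case; the wrapper frees correctly, but nothing in the hunk rejects the no-certificate case before verification is set up, so an explicit `if (!peer) { return nullptr; }` after the `UniqueX509 peer(...)` line would make that failure mode deliberate rather than left to the store code. Declaration order is also load-bearing here: `X509_STORE_CTX_init` does not take its own reference to the leaf certificate, so `peer` must be declared before `ctx` — as it is — so the context is destroyed first; a comment such as `// peer must outlive ctx: X509_STORE_CTX_init does not up-ref the leaf cert` would keep a later reorder from turning this into a use-after-free. The body of `SSL_get0_verified_chain` continues past the end of the hunk, so whether the chain later returned to the caller carries its own references is not visible from here.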
@@ -374,14 +383,6 @@ using UniqueSSLContext = std::unique_ptr<SSL_CTX, decltype(&free_ssl_context)>;
static const int BUFFER_SIZE = 8 * 1024;
static const int DATE_LEN = 128;
-struct UniqueX509Free {
- void operator()(X509* ptr) const {
- X509_free(ptr);
- }
-};
-
-using UniqueX509 = std::unique_ptr<X509, UniqueX509Free>;
-
class SSLManagerOpenSSL : public SSLManagerInterface {
public:
explicit SSLManagerOpenSSL(const SSLParams& params, bool isServer);