
fix memory leak in openssl.c

This commit is contained in:
Tim Rühsen 2014-10-29 16:36:18 +01:00
parent 9dd6ea7481
commit a6c2ba73d9
2 changed files with 39 additions and 5 deletions


@ -3,6 +3,16 @@
* openssl.c (ssl_init) [! OPENSSL_NO_SSL3]: Add guard for OpenSSL * openssl.c (ssl_init) [! OPENSSL_NO_SSL3]: Add guard for OpenSSL
without SSLv3. without SSLv3.
2014-10-29 Tim Ruehsen <tim.ruehsen@gmx.de>
* openssl.c: print cert subject and issuer RFC2253 compliant
* openssl.c (ssl_check_certificate): removed memory leak
2014-10-28 Tim Ruehsen <tim.ruehsen@gmx.de>
* utils.c: added strlcpy(), concat_strings() rewritten
* utils.h: added strlcpy()
2014-10-28 Tim Ruehsen <tim.ruehsen@gmx.de> 2014-10-28 Tim Ruehsen <tim.ruehsen@gmx.de>
* ftp.c (ftp_loop_internal): Fix memory leak * ftp.c (ftp_loop_internal): Fix memory leak


@ -40,6 +40,7 @@ as that of the covered work. */
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/bio.h>
#if OPENSSL_VERSION_NUMBER >= 0x00907000 #if OPENSSL_VERSION_NUMBER >= 0x00907000
#include <openssl/conf.h> #include <openssl/conf.h>
#endif #endif
@ -572,6 +573,27 @@ pattern_match (const char *pattern, const char *string)
return *n == '\0'; return *n == '\0';
} }
char *_get_rfc2253_formatted (X509_NAME *name)
{
int len;
char *out = NULL;
BIO* b;
if ((b = BIO_new (BIO_s_mem ())))
{
if (X509_NAME_print_ex (b, name, 0, XN_FLAG_RFC2253) >= 0
&& (len = BIO_number_written (b)) > 0)
{
out = xmalloc (len + 1);
BIO_read (b, out, len);
out[len] = 0;
}
BIO_free (b);
}
return out ? out : xstrdup("");
}
/* Verify the validity of the certificate presented by the server. /* Verify the validity of the certificate presented by the server.
Also check that the "common name" of the server, as presented by Also check that the "common name" of the server, as presented by
its certificate, corresponds to HOST. (HOST typically comes from its certificate, corresponds to HOST. (HOST typically comes from
@ -615,23 +637,25 @@ ssl_check_certificate (int fd, const char *host)
IF_DEBUG IF_DEBUG
{ {
char *subject = X509_NAME_oneline (X509_get_subject_name (cert), 0, 0); char *subject = _get_rfc2253_formatted (X509_get_subject_name (cert));
char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0); char *issuer = _get_rfc2253_formatted (X509_get_issuer_name (cert));
DEBUGP (("certificate:\n subject: %s\n issuer: %s\n", DEBUGP (("certificate:\n subject: %s\n issuer: %s\n",
quotearg_n_style (0, escape_quoting_style, subject), quotearg_n_style (0, escape_quoting_style, subject),
quotearg_n_style (1, escape_quoting_style, issuer))); quotearg_n_style (1, escape_quoting_style, issuer)));
OPENSSL_free (subject); xfree (subject);
OPENSSL_free (issuer); xfree (issuer);
} }
vresult = SSL_get_verify_result (conn); vresult = SSL_get_verify_result (conn);
if (vresult != X509_V_OK) if (vresult != X509_V_OK)
{ {
char *issuer = X509_NAME_oneline (X509_get_issuer_name (cert), 0, 0); char *issuer = _get_rfc2253_formatted (X509_get_issuer_name (cert));
logprintf (LOG_NOTQUIET, logprintf (LOG_NOTQUIET,
_("%s: cannot verify %s's certificate, issued by %s:\n"), _("%s: cannot verify %s's certificate, issued by %s:\n"),
severity, quotearg_n_style (0, escape_quoting_style, host), severity, quotearg_n_style (0, escape_quoting_style, host),
quote_n (1, issuer)); quote_n (1, issuer));
xfree(issuer);
/* Try to print more user-friendly (and translated) messages for /* Try to print more user-friendly (and translated) messages for
the frequent verification errors. */ the frequent verification errors. */
switch (vresult) switch (vresult)