| author | lishu <[email protected]> | 2018-12-07 15:07:49 +0800 |
|---|---|---|
| committer | lishu <[email protected]> | 2018-12-07 15:07:49 +0800 |
| commit | ce771378b2c220ae0a81e362bbf1f5424a31e18c (patch) | |
| tree | f2a13897cbe207bfea33dfbda9e24c04e7eacb5f /src | |
| parent | db6a074623fcfb95bc8c59a022d359460fbd8bf2 (diff) | |
证书openssl 内存泄露
Diffstat (limited to 'src')
| -rw-r--r-- | src/SSL_Analyze.c | 4 | ||||
| -rw-r--r-- | src/SSL_Certificate.c | 19 |
2 files changed, 14 insertions, 9 deletions
diff --git a/src/SSL_Analyze.c b/src/SSL_Analyze.c index 4d5730f..bbbb6c6 100644 --- a/src/SSL_Analyze.c +++ b/src/SSL_Analyze.c @@ -19,7 +19,7 @@ ssl_prog_runtime_parameter_t g_ssl_prog_para; -int SSL_VERSION_1_20181206 = 0; +int SSL_VERSION_1_20181207 = 0; void ssl_history() { @@ -64,7 +64,7 @@ void ssl_history() //2018-11-08 V0.2 multi-san //2018-11-29 V0.2 san dictator_malloc //2018-12-04 V0.2 openssl parse certificate bug -//2018-12-06 V0.2 certificate maxnum +//2018-12-07 V0.2 certificate maxnum; memcheck diff --git a/src/SSL_Certificate.c b/src/SSL_Certificate.c index 2b9c564..3b68916 100644 --- a/src/SSL_Certificate.c +++ b/src/SSL_Certificate.c @@ -25,7 +25,7 @@ #include "openssl/x509v3.h" //debug -#define PRINTF_CERTIFICATE 0 +#define PRINTF_CERTIFICATE 1 #define CERT_VER_MAXNUM 3 const stValueString_t g_astCertVersions[] = @@ -307,11 +307,10 @@ UCHAR ssl_AnalyseCertificate(char *pcSslCertificateData, int iDataLen, ssl_strea dictator_free(thread_seq,a_ssl_stream->stSSLCert->SSLSubAltName); a_ssl_stream->stSSLCert->SSLSubAltName = NULL; } - memset(a_ssl_stream->stSSLCert,0,sizeof(st_cert_t)); #if PRINTF_CERTIFICATE - cert_log(); + cert_log(a_ssl_stream); #endif - + memset(a_ssl_stream->stSSLCert,0,sizeof(st_cert_t)); if(SSL_RETURN_NORM != return_val && SSL_RETURN_UNNORM != return_val ) return return_val; pcCurSslCertificateData += a_ssl_stream->stSSLCert->certlen; iUnAnaCertLen -= a_ssl_stream->stSSLCert->certlen; @@ -1050,7 +1049,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct { /*version*/ int ver = X509_get_version(x509_handle); - if(ver>CERT_VER_MAXNUM) return SSL_RETURN_NORM; + if(ver>CERT_VER_MAXNUM) goto cert_return; memcpy(a_ssl_stream->stSSLCert->SSLVersion, g_astCertVersions[ver].pcString, 1 + strlen((const char *)g_astCertVersions[ver].pcString)); 
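Review bot: The debug switch is left enabled in the first src/SSL_Certificate.c hunk: `#define PRINTF_CERTIFICATE 1` sits under the `//debug` comment and compiles in the `cert_log(a_ssl_stream)` call in ssl_AnalyseCertificate on every pass through that code. This looks like a debugging setting carried along with the leak fix rather than an intended change. If it is not intended, restore `#define PRINTF_CERTIFICATE 0`, or wrap the definition in `#ifndef PRINTF_CERTIFICATE` / `#endif` so the build can opt in. The body of cert_log is not visible here, so what it writes and where could not be checked.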
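Review bot: In the ssl_AnalyseCertificate hunk of src/SSL_Certificate.c, the relocated `memset(a_ssl_stream->stSSLCert,0,sizeof(st_cert_t));` still runs before the two context lines that read `a_ssl_stream->stSSLCert->certlen`, so if stSSLCert points at the structure being cleared, both the cursor advance and the `iUnAnaCertLen` decrement use 0. Save the length before clearing, `int iCertLen = a_ssl_stream->stSSLCert->certlen;` (typed to match the field), then use `pcCurSslCertificateData += iCertLen;` and `iUnAnaCertLen -= iCertLen;`. A check that the length is positive and no larger than `iUnAnaCertLen` would also belong here, since none is visible in the hunk. Separately, `cert_log(a_ssl_stream)` now runs after `SSLSubAltName` has been freed and set to NULL, so the log cannot include the SAN. The rest of ssl_AnalyseCertificate lies outside the hunk, so how the surrounding code terminates could not be checked.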
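Review bot: In the `/*version*/` hunk of fn_pGetSSLInfo, `if(ver>CERT_VER_MAXNUM) goto cert_return;` still lets a negative `ver` and `ver == CERT_VER_MAXNUM` reach `g_astCertVersions[ver]` in the memcpy on the next line. The value comes from the certificate being parsed, and X509_get_version returns a long that is narrowed to int here. If the table holds CERT_VER_MAXNUM entries (its initializer is not visible), the guard should be `if(ver < 0 || ver >= CERT_VER_MAXNUM) goto cert_return;`; otherwise compare against the table's element count. The size of the `SSLVersion` destination is also not visible, so the `1 + strlen(...)` copy length could not be checked against it.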
@@ -1107,7 +1106,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct /*subject bak*/ GENERAL_NAMES* subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, NID_subject_alt_name, NULL, NULL); - if(!subjectAltNames) return SSL_RETURN_NORM; + if(!subjectAltNames) goto cert_return; int cnt = sk_GENERAL_NAME_num(subjectAltNames); char* san = NULL; ASN1_STRING *san_name; @@ -1122,7 +1121,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct for (int i = 0; i < cnt; i++) { generalName = sk_GENERAL_NAME_value(subjectAltNames, i); - if(!generalName) return SSL_RETURN_NORM; + if(!generalName) goto cert_return; if(GEN_DNS == generalName->type) { san_name = (ASN1_STRING*)GENERAL_NAME_get0_value(generalName, NULL); @@ -1143,6 +1142,12 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct GENERAL_NAMES_free(subjectAltNames); } } + +cert_return: + if (x509_handle != NULL) + { + X509_free(x509_handle); + } return SSL_RETURN_NORM; } |
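Review bot: The `if(!generalName) goto cert_return;` path inside the SAN loop of fn_pGetSSLInfo skips `GENERAL_NAMES_free(subjectAltNames)`, and the `cert_return:` label added in the last hunk releases only `x509_handle`, so the list returned by X509_get_ext_d2i appears to leak on that path. Free it before jumping: `if(!generalName) { GENERAL_NAMES_free(subjectAltNames); goto cert_return; }`. The lines between this hunk and the existing `GENERAL_NAMES_free` call are not visible, so whether `san` or other allocations are also live at that point should be confirmed. At the label, the `if (x509_handle != NULL)` guard can be dropped, since X509_free does nothing when passed NULL.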
