Fix leak in SSL_CTX_set0_chain

2019-11-06 20:32:25 +01:00
parent 8dde06bbca
commit 5f39e12b21
2 changed files with 16 additions and 3 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -38518,6 +38518,16 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
        /* Free previous chain */
        wolfSSL_sk_X509_free(ctx->x509Chain);
        ctx->x509Chain = sk;
+        if (sk) {
+            for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
+                x509 = wolfSSL_sk_X509_value(sk, i);
+                /* On successful setting of new chain up all refs */
+                if (wolfSSL_X509_up_ref(x509) != 1) {
+                    WOLFSSL_MSG("Error increasing reference count");
+                    continue;
+                }
+            }
+        }
    }
 #else
    WOLFSSL_MSG("Session certificates not compiled in");
--- a/tests/api.c
+++ b/tests/api.c
@@ -4464,11 +4464,14 @@ static void test_wolfSSL_PKCS12(void)
 #endif
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
    || defined(WOLFSSL_NGINX)
-    AssertIntEQ(SSL_CTX_set0_chain(ctx, ca), 1);
+    /* Copy stack structure */
+    AssertNotNull(tmp_ca = sk_X509_dup(ca));
+    AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
+    /* CTX now owns the tmp_ca stack structure */
+    tmp_ca = NULL;
    AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
    AssertNotNull(tmp_ca);
-    /* First cert becomes the main certificate of the context */
-    AssertIntEQ(sk_X509_num(tmp_ca), 1);
+    AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
    /* Check that the main cert is also set */
    AssertNotNull(ssl = SSL_new(ctx));
    AssertNotNull(SSL_get_certificate(ssl));