ocsp: don't free ocsp request if saved in ssl->ctx->certOcspRequest

2025-07-31 19:24:42 +02:00 · 2024-07-23 15:37:41 +00:00
parent 7c6eb7c4a1
commit bb60c58800
1 changed files with 17 additions and 8 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -23310,8 +23310,10 @@ int SendFinished(WOLFSSL* ssl)
 * Returns 0 on success
 */
 static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
-                             DecodedCert* cert, byte* certData, word32 length)
+                             DecodedCert* cert, byte* certData, word32 length,
+                             byte *takeOwnership)
 {
+    byte ctxOwnsRequest = 0;
    int ret;

    if (request != NULL)
@@ -23330,14 +23332,18 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
        if (!ssl->buffers.weOwnCert) {
            wolfSSL_Mutex* ocspLock = &SSL_CM(ssl)->ocsp_stapling->ocspLock;
            if (wc_LockMutex(ocspLock) == 0) {
-                if (ssl->ctx->certOcspRequest == NULL)
+                if (ssl->ctx->certOcspRequest == NULL) {
                    ssl->ctx->certOcspRequest = request;
+                    ctxOwnsRequest = 1;
+                }
                wc_UnLockMutex(ocspLock);
            }
        }
    }

    FreeDecodedCert(cert);
+    if (takeOwnership != NULL)
+        *takeOwnership = ctxOwnsRequest;

    return ret;
 }
@@ -23360,6 +23366,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
    int          ret = 0;
    OcspRequest* request = NULL;
    byte createdRequest  = 0;
+    byte ctxOwnsRequest = 0;

    if (ssl == NULL || ocspRequest == NULL || response == NULL)
        return BAD_FUNC_ARG;
@@ -23397,7 +23404,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
        createdRequest = 1;
        if (ret == 0) {
            ret = CreateOcspRequest(ssl, request, cert, der->buffer,
-                                                                   der->length);
+                      der->length, &ctxOwnsRequest);
        }

        if (ret != 0) {
@@ -23424,7 +23431,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
    }

    /* free request up if error case found otherwise return it */
-    if (ret != 0 && createdRequest) {
+    if (ret != 0 && createdRequest && !ctxOwnsRequest) {
        FreeOcspRequest(request);
        XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
    }
@@ -24119,6 +24126,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
        {
            OcspRequest* request = ssl->ctx->certOcspRequest;
            buffer responses[1 + MAX_CHAIN_DEPTH];
+            byte ctxOwnsRequest = 0;
            int i = 0;

            XMEMSET(responses, 0, sizeof(responses));
@@ -24177,7 +24185,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
                            break;

                        ret = CreateOcspRequest(ssl, request, cert, der.buffer,
-                                                der.length);
+                                                der.length, &ctxOwnsRequest);
                        if (ret == 0) {
                            request->ssl = ssl;
                        ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling,
@@ -24192,12 +24200,13 @@ int SendCertificateStatus(WOLFSSL* ssl)


                            i++;
-                            FreeOcspRequest(request);
+                            if (!ctxOwnsRequest)
+                                FreeOcspRequest(request);
                        }
                    }
                }
-
-                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+                if (!ctxOwnsRequest)
+                    XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
            #ifdef WOLFSSL_SMALL_STACK
                XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
            #endif