fixed GH #2380: Calling Poco::Net::X509Certificate::addChainCertificate() leads to double free.

Günter Obiltschnig 2019-06-22 18:11:05 +02:00
parent ee5a7269c3
commit 27335031e1
2 changed files with 31 additions and 18 deletions


@ -151,6 +151,11 @@ public:
const X509* certificate() const;
/// Returns the underlying OpenSSL certificate.
X509* dup() const;
/// Duplicates and returns the underlying OpenSSL certificate. Note that
/// the caller assumes responsibility for the lifecycle of the created
/// certificate.
std::string signatureAlgorithm() const;
/// Returns the certificate signature algorithm long name.
@ -228,6 +233,12 @@ inline const X509* X509Certificate::certificate() const
}
inline X509* X509Certificate::dup() const
{
return X509_dup(_pCert);
}
} } // namespace Poco::Crypto
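Review bot: The comment on `dup()` in the class declaration says the caller owns the copy, but not how to release it or that the call can fail. `X509_dup()` returns a null pointer when the copy cannot be made, and the inline definition forwards that result unchanged, so callers need to know both. I would reword the comment to `/// Returns a copy of the underlying OpenSSL certificate, or a null pointer if duplication fails.` followed by `/// The caller owns the copy and must release it with X509_free().` A raw owning pointer is easy to leak or free twice, which is the class of bug this commit fixes, so the contract is worth spelling out at the declaration.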


@ -198,9 +198,11 @@ void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate)
void Context::addChainCertificate(const Poco::Crypto::X509Certificate& certificate)
{
int errCode = SSL_CTX_add_extra_chain_cert(_pSSLContext, certificate.certificate());
X509* pCert = certificate.dup();
int errCode = SSL_CTX_add_extra_chain_cert(_pSSLContext, pCert);
if (errCode != 1)
{
X509_free(pCert);
std::string msg = Utility::getLastError();
throw SSLContextException("Cannot add chain certificate to Context", msg);
}
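Review bot: `pCert` goes from `certificate.dup()` straight into `SSL_CTX_add_extra_chain_cert()` without a null check, although `X509_dup()` can return a null pointer when duplication fails. Whether the OpenSSL call rejects a null certificate is not visible here, so the context could end up with an empty chain entry and no exception. I would add `if (!pCert) throw SSLContextException("Cannot add chain certificate to Context", Utility::getLastError());` directly after the `dup()` line. In the failure branch, calling `Utility::getLastError()` before `X509_free(pCert)` would also keep the reported message independent of anything the free does to the error queue. The function's closing brace lies outside the hunk.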