fixed GH #2380: Calling Poco::Net::X509Certificate::addChainCertificate() leads to double free.

Crypto/include/Poco/Crypto/X509Certificate.h

@@ -151,6 +151,11 @@ public:
 	const X509* certificate() const;
 		/// Returns the underlying OpenSSL certificate.
 
+	X509* dup() const;
+		/// Duplicates and returns the underlying OpenSSL certificate. Note that
+		/// the caller assumes responsibility for the lifecycle of the created
+		/// certificate.
+
 	std::string signatureAlgorithm() const;
 		/// Returns the certificate signature algorithm long name.
 
@@ -228,6 +233,12 @@ inline const X509* X509Certificate::certificate() const
 }
 
 
+inline X509* X509Certificate::dup() const
+{
+	return X509_dup(_pCert);
+}
+
+
 } } // namespace Poco::Crypto
 
 

NetSSL_OpenSSL/src/Context.cpp

@@ -198,9 +198,11 @@ void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate)
 
 void Context::addChainCertificate(const Poco::Crypto::X509Certificate& certificate)
 {
-	int errCode = SSL_CTX_add_extra_chain_cert(_pSSLContext, certificate.certificate());
+	X509* pCert = certificate.dup();
+	int errCode = SSL_CTX_add_extra_chain_cert(_pSSLContext, pCert);
 	if (errCode != 1)
 	{
+		X509_free(pCert);
 		std::string msg = Utility::getLastError();
 		throw SSLContextException("Cannot add chain certificate to Context", msg);
 	}