From 152e7604f63fcaebcf01efda0a9aae33127eb369 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sun, 21 Jun 2015 18:17:09 +0100
Subject: [PATCH] Before importing a certificate, free any previous one. Bug 1648

Because the SSL libraries do not use Exim's heap management this was a memory-leak in "exim -bp".
---
 src/src/deliver.c | 6 ++++--
 src/src/tlscert-gnu.c | 8 ++++++--
 src/src/tlscert-openssl.c | 4 +++-
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/src/deliver.c b/src/src/deliver.c
index ec030fefb..543a618eb 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -3135,15 +3135,17 @@ while (!done)
 break;
 case '2':
- addr->peercert = NULL;
 if (*ptr) (void) tls_import_cert(ptr, &addr->peercert);
+ else
+ addr->peercert = NULL;
 break;
 case '3':
- addr->ourcert = NULL;
 if (*ptr) (void) tls_import_cert(ptr, &addr->ourcert);
+ else
+ addr->ourcert = NULL;
 break;
 # ifndef DISABLE_OCSP
diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c
index dc290b8b7..40f49d366 100644
--- a/src/src/tlscert-gnu.c
+++ b/src/src/tlscert-gnu.c
@@ -51,10 +51,14 @@ tls_import_cert(const uschar * buf, void ** cert)
 {
 void * reset_point = store_get(0);
 gnutls_datum_t datum;
-gnutls_x509_crt_t crt;
+gnutls_x509_crt_t crt = *(gnutls_x509_crt_t *)cert;
 int fail = 0;
-gnutls_global_init();
+if (crt)
+ gnutls_x509_crt_deinit(crt);
+else
+ gnutls_global_init();
+
 gnutls_x509_crt_init(&crt);
 datum.data = string_unprinting(US buf);
diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index 165a3cf5c..f2e482ba7 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -55,9 +55,11 @@ tls_import_cert(const uschar * buf, void ** cert)
 void * reset_point = store_get(0);
 const uschar * cp = string_unprinting(US buf);
 BIO * bp;
-X509 * x;
+X509 * x = *(X509 **)cert;
 int fail = 0;
+if (x) X509_free(x);
+
 bp = BIO_new_mem_buf(US cp, -1);
 if (!(x = PEM_read_bio_X509(bp, NULL, 0, NULL))) {
-- 
2.30.2
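Review bot: In cases '2' and '3' of src/src/deliver.c, dropping the unconditional `addr->peercert = NULL;` and `addr->ourcert = NULL;` means `tls_import_cert()` now frees whatever those fields hold on entry, so the switch relies on both being either NULL or a certificate produced by an earlier import; how `addr` is initialised is outside the hunk and should be confirmed. The result is still discarded with `(void)`, so whatever the import leaves in the field after a failure is what later code sees. The new `else` branches also overwrite the pointer without releasing it, which would leak again if an empty item ever followed a populated one. I would document the contract above `case '2':`, for example `/* peercert/ourcert must be NULL or a cert from tls_import_cert(); the import frees any previous value */`. The enclosing `while (!done)` loop and its switch start and end outside the hunk.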
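Review bot: After `gnutls_x509_crt_deinit(crt)` in src/src/tlscert-gnu.c the caller's `*cert` still holds the released handle, and nothing visible in the hunk clears it before the import is attempted. If the failure path (outside the hunk) returns without storing a new value, the caller keeps a dangling pointer that the next `tls_import_cert()` call would deinit a second time. Clearing the slot at the point of release closes that window: `if (crt) { gnutls_x509_crt_deinit(crt); *cert = NULL; }`, with the existing `else gnutls_global_init();` kept. The same applies to `if (x) X509_free(x);` in src/src/tlscert-openssl.c, where the `if (!(x = PEM_read_bio_X509(...)))` failure branch opens right after the free; `if (x) { X509_free(x); *cert = NULL; }` would cover it. Both function bodies continue past their hunks, so the assignment on the success path could not be checked here.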