diff options
author | Michal Rokos <m.rokos@sh.cvut.cz> | 2002-02-20 08:43:41 +0000 |
---|---|---|
committer | Michal Rokos <m.rokos@sh.cvut.cz> | 2002-02-20 08:43:41 +0000 |
commit | 447afde226aac7461d8a549ea8aae5763b0e3124 (patch) | |
tree | 7d8b82566743138ac4c97b755bd46b00be0d4d5f | |
parent | 5e2a679a46e2164f8b38b71132787c3327862957 (diff) | |
download | ruby-openssl-history-447afde226aac7461d8a549ea8aae5763b0e3124.tar.gz |
* Fixed some memory leaks
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | ossl_ssl.c | 82 |
2 files changed, 59 insertions, 26 deletions
@@ -4,6 +4,9 @@ Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz> All rights reserved. $Log$ +Revision 1.31 2002/02/20 08:43:54 majkl + * Fixed some memory leaks + Revision 1.30 2002/02/13 13:09:49 majkl * transition from rb_raise to OSSL_Raise (where possible) * some mem checks @@ -180,28 +180,47 @@ ssl_ctx_setup(VALUE self) cert = NIL_P(val) ? NULL : ossl_x509_get_X509(val); val = ssl_get_key(self); key = NIL_P(val) ? NULL : ossl_pkey_get_EVP_PKEY(val); - if(cert && key){ - if(!SSL_CTX_use_certificate(p->ctx,cert)) - OSSL_Raise(eSSLError,"SSL_CTX_use_certificate:"); - if(!SSL_CTX_use_PrivateKey(p->ctx,key)) - OSSL_Raise(eSSLError,"SSL_CTX_use_PrivateKey:"); - if(!SSL_CTX_check_private_key(p->ctx)) - OSSL_Raise(eSSLError,"SSL_CTX_check_private_key:"); + + if (cert && key) { + if (!SSL_CTX_use_certificate(p->ctx, cert)) { /* Adds a ref => Safe to FREE */ + X509_free(cert); + EVP_PKEY_free(key); + OSSL_Raise(eSSLError, "SSL_CTX_use_certificate:"); + } + if (!SSL_CTX_use_PrivateKey(p->ctx, key)) { /* Adds a ref => Safe to FREE */ + X509_free(cert); + EVP_PKEY_free(key); + OSSL_Raise(eSSLError, "SSL_CTX_use_PrivateKey:"); + } + if (!SSL_CTX_check_private_key(p->ctx)) { + X509_free(cert); + EVP_PKEY_free(key); + OSSL_Raise(eSSLError, "SSL_CTX_check_private_key:"); + } } - val = ssl_get_ca(self); - ca = NIL_P(val) ? NULL : ossl_x509_get_X509(val); - val = ssl_get_ca_file(self); - ca_file = NIL_P(val) ? NULL : RSTRING(val)->ptr; - val = ssl_get_ca_path(self); - ca_path = NIL_P(val) ? NULL : RSTRING(val)->ptr; - if (ca) - if(!SSL_CTX_add_client_CA(p->ctx, ca)) + /* + * Free cert, key (Used => Safe to FREE || Not used => Not needed) + */ + if (cert) X509_free(cert); + if (key) EVP_PKEY_free(key); + + val = ssl_get_ca(self); + ca = NIL_P(val) ? NULL : ossl_x509_get_X509(val); + val = ssl_get_ca_file(self); + ca_file = NIL_P(val) ? NULL : RSTRING(val)->ptr; + val = ssl_get_ca_path(self); + ca_path = NIL_P(val) ? NULL : RSTRING(val)->ptr; + + if (ca) { + if (!SSL_CTX_add_client_CA(p->ctx, ca)) { /* Copies X509_NAME => FREE it. */ + X509_free(ca); OSSL_Raise(eSSLError, ""); - + } + X509_free(ca); + } if ((!SSL_CTX_load_verify_locations(p->ctx, ca_file, ca_path) || - !SSL_CTX_set_default_verify_paths(p->ctx)) && - ruby_verbose) { + !SSL_CTX_set_default_verify_paths(p->ctx))) { OSSL_Warning("can't set verify locations"); } @@ -230,7 +249,8 @@ ssl_setup(VALUE self) rb_io_check_readable(fptr); rb_io_check_writable(fptr); if((p->ssl = SSL_new(p->ctx)) == NULL) - OSSL_Raise(eSSLError, "SSL_new:"); + OSSL_Raise(eSSLError, "SSL_new:"); + SSL_set_fd(p->ssl, fileno(fptr->f)); } } @@ -411,7 +431,11 @@ ssl_get_certificate(VALUE self) return Qnil; } - if((cert = SSL_get_certificate(p->ssl)) == NULL) return Qnil; + /* + * Is this OpenSSL bug? Should add a ref? + * TODO: Ask for. + */ + if ((cert = SSL_get_certificate(p->ssl)) == NULL) return Qnil; /* NO DUPs => DON'T FREE. */ return ossl_x509_new(cert); } @@ -419,18 +443,24 @@ ssl_get_certificate(VALUE self) static VALUE ssl_get_peer_certificate(VALUE self) { - ssl_st *p; + ssl_st *p; X509 *cert = NULL; + VALUE obj; - Data_Get_Struct(self, ssl_st, p); - if(!p->ssl){ + Data_Get_Struct(self, ssl_st, p); + + if (!p->ssl){ rb_warning("SSL session is not started yet."); return Qnil; - } + } + + if ((cert = SSL_get_peer_certificate(p->ssl)) == NULL) /* Adds a ref => Safe to FREE. */ + return Qnil; - if((cert = SSL_get_peer_certificate(p->ssl)) == NULL) return Qnil; + obj = ossl_x509_new(cert); + X509_free(cert); - return ossl_x509_new(cert); + return obj; } static VALUE |