v2.4.10

---------------------------------------------------------------------------------------------------- * Fix memory leak in case of failures to load the private key. Apache PR 65620 [ Filipe Casal <[email protected]> ]
icing · Nov 24, 2021 · 689b82e · 689b82e
1 parent 615a40e
commit 689b82e
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 8 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+v2.4.10
+----------------------------------------------------------------------------------------------------
+ * Fix memory leak in case of failures to load the private key.
+   Apache PR 65620 [ Filipe Casal <[email protected]> ]
+
 v2.4.9
 ----------------------------------------------------------------------------------------------------
  * MDExternalAccountBinding can be configured with a file that contains the

diff --git a/configure.ac b/configure.ac
@@ -14,7 +14,7 @@
 #
 
 AC_PREREQ([2.69])
-AC_INIT([mod_md], [2.4.9], [[email protected]])
+AC_INIT([mod_md], [2.4.10], [[email protected]])
 
 LT_PREREQ([2.2.6])
 LT_INIT()

diff --git a/src/md_crypt.c b/src/md_crypt.c
@@ -644,6 +644,7 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
     const EVP_CIPHER *cipher = NULL;
     pem_password_cb *cb = NULL;
     void *cb_baton = NULL;
+    apr_status_t rv = APR_SUCCESS;
     passwd_ctx ctx;
     unsigned long err;
     int i;
@@ -652,7 +653,8 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
         return APR_ENOMEM;
     }
     if (pass_len > INT_MAX) {
-        return APR_EINVAL;
+        rv = APR_EINVAL;
+        goto cleanup;
     }
     if (pass && pass_len > 0) {
         ctx.pass_phrase = pass;
@@ -661,7 +663,8 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
         cb_baton = &ctx;
         cipher = EVP_aes_256_cbc();
         if (!cipher) {
-            return APR_ENOTIMPL;
+            rv = APR_ENOTIMPL;
+            goto cleanup;
         }
     }
 
@@ -671,11 +674,11 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
 #else 
     if (!PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_baton)) {
 #endif
-        BIO_free(bio);
         err = ERR_get_error();
         md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "PEM_write key: %ld %s", 
                       err, ERR_error_string(err, NULL)); 
-        return APR_EINVAL;
+        rv = APR_EINVAL;
+        goto cleanup;
     }
 
     md_data_null(buf);
@@ -685,8 +688,10 @@ static apr_status_t pkey_to_buffer(md_data_t *buf, md_pkey_t *pkey, apr_pool_t *
         i = BIO_read(bio, (char*)buf->data, i);
         buf->len = (apr_size_t)i;
     }
+
+cleanup:
     BIO_free(bio);
-    return APR_SUCCESS;
+    return rv;
 }
 
 apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p, 

diff --git a/src/md_version.h b/src/md_version.h
@@ -27,15 +27,15 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.4.9-git"
+#define MOD_MD_VERSION "2.4.10-git"
 
 /**
  * @macro
  * Numerical representation of the version number of the md module
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x020409
+#define MOD_MD_VERSION_NUM 0x02040a
 
 #define MD_ACME_DEF_URL    "https://acme-v02.api.letsencrypt.org/directory"