Fossil SCM
Fix case when trying to free a non-malloced pointer.
Commit
ee59ca74b8b8991520660514266da7483e5f68d7
Parent
3b06c951cf0de25…
1 file changed
+8
-5
+8
-5
| --- src/http_ssl.c | ||
| +++ src/http_ssl.c | ||
| @@ -86,10 +86,11 @@ | ||
| 86 | 86 | ** This routine does initial configuration of the SSL module. |
| 87 | 87 | */ |
| 88 | 88 | void ssl_global_init(void){ |
| 89 | 89 | if( sslIsInit==0 ){ |
| 90 | 90 | char *system_store = NULL; |
| 91 | + char *detected_store = NULL; | |
| 91 | 92 | SSL_library_init(); |
| 92 | 93 | SSL_load_error_strings(); |
| 93 | 94 | ERR_load_BIO_strings(); |
| 94 | 95 | OpenSSL_add_all_algorithms(); |
| 95 | 96 | sslCtx = SSL_CTX_new(SSLv23_client_method()); |
| @@ -97,26 +98,28 @@ | ||
| 97 | 98 | /* TODO Load windows cert store here. */ |
| 98 | 99 | #elif defined(__linux__) |
| 99 | 100 | /* Linux has a few different places to find the root certificate bundle */ |
| 100 | 101 | if(file_isfile("/etc/pki/tls/cert.pem")) { |
| 101 | 102 | /* This is for RedHat derived distros */ |
| 102 | - system_store = "/etc/pki/tls/cert.pem"; | |
| 103 | + detected_store = "/etc/pki/tls/cert.pem"; | |
| 103 | 104 | } |
| 104 | 105 | else if(file_isfile("/etc/ssl/certs/ca-certificates.crt")) { |
| 105 | 106 | /* This is for Debian derived distros, and Arch */ |
| 106 | - system_store = "/etc/ssl/certs/ca-certificates.crt"; | |
| 107 | + detected_store = "/etc/ssl/certs/ca-certificates.crt"; | |
| 107 | 108 | } |
| 108 | 109 | #elif defined(__FreeBSD__) |
| 109 | - system_store = "/usr/local/share/certs/ca-root-nss.crt"; | |
| 110 | + detected_store = "/usr/local/share/certs/ca-root-nss.crt"; | |
| 110 | 111 | #elif defined(__APPLE__) |
| 111 | 112 | /* No action necessary, OpenSSL on OS X appears |
| 112 | 113 | to load the system store automatically */ |
| 113 | 114 | #endif |
| 114 | - system_store = db_get("certificate-bundle", system_store); | |
| 115 | + system_store = db_get("certificate-bundle", detected_store); | |
| 115 | 116 | if(system_store != NULL) { |
| 116 | 117 | SSL_CTX_load_verify_locations(sslCtx, system_store, NULL); |
| 117 | - free(system_store); | |
| 118 | + if(detected_store != NULL) { | |
| 119 | + free(system_store); | |
| 120 | + } | |
| 118 | 121 | } |
| 119 | 122 | sslIsInit = 1; |
| 120 | 123 | } |
| 121 | 124 | } |
| 122 | 125 | |
| 123 | 126 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -86,10 +86,11 @@ | |
| 86 | ** This routine does initial configuration of the SSL module. |
| 87 | */ |
| 88 | void ssl_global_init(void){ |
| 89 | if( sslIsInit==0 ){ |
| 90 | char *system_store = NULL; |
| 91 | SSL_library_init(); |
| 92 | SSL_load_error_strings(); |
| 93 | ERR_load_BIO_strings(); |
| 94 | OpenSSL_add_all_algorithms(); |
| 95 | sslCtx = SSL_CTX_new(SSLv23_client_method()); |
| @@ -97,26 +98,28 @@ | |
| 97 | /* TODO Load windows cert store here. */ |
| 98 | #elif defined(__linux__) |
| 99 | /* Linux has a few different places to find the root certificate bundle */ |
| 100 | if(file_isfile("/etc/pki/tls/cert.pem")) { |
| 101 | /* This is for RedHat derived distros */ |
| 102 | system_store = "/etc/pki/tls/cert.pem"; |
| 103 | } |
| 104 | else if(file_isfile("/etc/ssl/certs/ca-certificates.crt")) { |
| 105 | /* This is for Debian derived distros, and Arch */ |
| 106 | system_store = "/etc/ssl/certs/ca-certificates.crt"; |
| 107 | } |
| 108 | #elif defined(__FreeBSD__) |
| 109 | system_store = "/usr/local/share/certs/ca-root-nss.crt"; |
| 110 | #elif defined(__APPLE__) |
| 111 | /* No action necessary, OpenSSL on OS X appears |
| 112 | to load the system store automatically */ |
| 113 | #endif |
| 114 | system_store = db_get("certificate-bundle", system_store); |
| 115 | if(system_store != NULL) { |
| 116 | SSL_CTX_load_verify_locations(sslCtx, system_store, NULL); |
| 117 | free(system_store); |
| 118 | } |
| 119 | sslIsInit = 1; |
| 120 | } |
| 121 | } |
| 122 | |
| 123 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -86,10 +86,11 @@ | |
| 86 | ** This routine does initial configuration of the SSL module. |
| 87 | */ |
| 88 | void ssl_global_init(void){ |
| 89 | if( sslIsInit==0 ){ |
| 90 | char *system_store = NULL; |
| 91 | char *detected_store = NULL; |
| 92 | SSL_library_init(); |
| 93 | SSL_load_error_strings(); |
| 94 | ERR_load_BIO_strings(); |
| 95 | OpenSSL_add_all_algorithms(); |
| 96 | sslCtx = SSL_CTX_new(SSLv23_client_method()); |
| @@ -97,26 +98,28 @@ | |
| 98 | /* TODO Load windows cert store here. */ |
| 99 | #elif defined(__linux__) |
| 100 | /* Linux has a few different places to find the root certificate bundle */ |
| 101 | if(file_isfile("/etc/pki/tls/cert.pem")) { |
| 102 | /* This is for RedHat derived distros */ |
| 103 | detected_store = "/etc/pki/tls/cert.pem"; |
| 104 | } |
| 105 | else if(file_isfile("/etc/ssl/certs/ca-certificates.crt")) { |
| 106 | /* This is for Debian derived distros, and Arch */ |
| 107 | detected_store = "/etc/ssl/certs/ca-certificates.crt"; |
| 108 | } |
| 109 | #elif defined(__FreeBSD__) |
| 110 | detected_store = "/usr/local/share/certs/ca-root-nss.crt"; |
| 111 | #elif defined(__APPLE__) |
| 112 | /* No action necessary, OpenSSL on OS X appears |
| 113 | to load the system store automatically */ |
| 114 | #endif |
| 115 | system_store = db_get("certificate-bundle", detected_store); |
| 116 | if(system_store != NULL) { |
| 117 | SSL_CTX_load_verify_locations(sslCtx, system_store, NULL); |
| 118 | if(detected_store != NULL) { |
| 119 | free(system_store); |
| 120 | } |
| 121 | } |
| 122 | sslIsInit = 1; |
| 123 | } |
| 124 | } |
| 125 | |
| 126 |