src: avoid X509_free in loops in crypto_x509.cc
Use X509Pointer objects for automatic memory management instead.

PR-URL: #44855
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
tniessen authored Oct 4, 2022
1 parent e2ca29f commit e84e2e6
Showing 1 changed file with 7 additions and 9 deletions.
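--- a/src/crypto/crypto_context.cc
+++ b/src/crypto/crypto_context.cc
@@ -699,15 +699,14 @@ void SecureContext::AddCACert(const FunctionCallbackInfo<Value>& args) {
 return;
 
 X509_STORE* cert_store = SSL_CTX_get_cert_store(sc->ctx_.get());
-while (X509* x509 = PEM_read_bio_X509_AUX(
-bio.get(), nullptr, NoPasswordCallback, nullptr)) {
+while (X509Pointer x509 = X509Pointer(PEM_read_bio_X509_AUX(
+bio.get(), nullptr, NoPasswordCallback, nullptr))) {
 if (cert_store == root_cert_store) {
 cert_store = NewRootCertStore();
 SSL_CTX_set_cert_store(sc->ctx_.get(), cert_store);
 }
-X509_STORE_add_cert(cert_store, x509);
-SSL_CTX_add_client_CA(sc->ctx_.get(), x509);
-X509_free(x509);
+X509_STORE_add_cert(cert_store, x509.get());
+SSL_CTX_add_client_CA(sc->ctx_.get(), x509.get());
 }
 }
 
@@ -1311,10 +1310,9 @@ unsigned long AddCertsFromFile( // NOLINT(runtime/int)
 if (!bio)
 return ERR_get_error();
 
-while (X509* x509 =
-PEM_read_bio_X509(bio.get(), nullptr, NoPasswordCallback, nullptr)) {
-X509_STORE_add_cert(store, x509);
-X509_free(x509);
+while (X509Pointer x509 = X509Pointer(PEM_read_bio_X509(
+bio.get(), nullptr, NoPasswordCallback, nullptr))) {
+X509_STORE_add_cert(store, x509.get());
 }
 
 unsigned long err = ERR_peek_error(); // NOLINT(runtime/int)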
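Review bot: In `SecureContext::AddCACert` the loop still stops on any null result from `PEM_read_bio_X509_AUX`, and the function closes right after it, so a malformed certificate in the middle of a CA bundle is handled like end of input and the CAs after it are silently left out of the store. `AddCertsFromFile` in the second hunk does inspect the error queue after its loop (`ERR_peek_error()`); the same would fit here, e.g. `unsigned long err = ERR_peek_last_error();` and then accepting the stop as end of input only when `ERR_GET_REASON(err) == PEM_R_NO_START_LINE`. The results of `X509_STORE_add_cert(cert_store, x509.get())` and `SSL_CTX_add_client_CA(sc->ctx_.get(), x509.get())` are also discarded, so a CA that fails to register goes unreported to the caller. The start of `AddCACert` lies outside the hunk, so any error-queue handling set up there is not visible; the ownership change itself looks right, since the removed code already freed the certificate after both calls and the `X509Pointer` now does that at the end of each iteration.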
