tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-07-29 08:34:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

VerifyCertificate: fix use after free

Browse Source 
`X509_STORE_CTX_get_error(csc)` was called after `X509_STORE_CTX_free(csc)`.
This is fixed by automatically freeing variables at the end of the function
using `std::unique_ptr`.
This commit is contained in:
Julian Brost 2025-05-14 10:16:34 +02:00
parent 33824c2acc
commit 00864d1096
1 changed files with 7 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/base/tlsutility.cpp
View File

@ -985,27 +985,24 @@ String BinaryToHex(const unsigned char* data, size_t length) {
bool VerifyCertificate(const std::shared_ptr<X509> &caCertificate, const std::shared_ptr<X509> &certificate, const String& crlFile)
{
X509_STORE *store = X509_STORE_new();
std::unique_ptr<X509_STORE, decltype(&X509_STORE_free)> store{X509_STORE_new(), &X509_STORE_free};
if (!store)
return false;
X509_STORE_add_cert(store, caCertificate.get());
X509_STORE_add_cert(store.get(), caCertificate.get());
if (!crlFile.IsEmpty()) {
AddCRLToSSLContext(store, crlFile);
AddCRLToSSLContext(store.get(), crlFile);
}
X509_STORE_CTX *csc = X509_STORE_CTX_new();
X509_STORE_CTX_init(csc, store, certificate.get(), nullptr);
std::unique_ptr<X509_STORE_CTX, decltype(&X509_STORE_CTX_free)> csc{X509_STORE_CTX_new(), &X509_STORE_CTX_free};
X509_STORE_CTX_init(csc.get(), store.get(), certificate.get(), nullptr);
int rc = X509_verify_cert(csc);
X509_STORE_CTX_free(csc);
X509_STORE_free(store);
int rc = X509_verify_cert(csc.get());
if (rc == 0) {
int err = X509_STORE_CTX_get_error(csc);
int err = X509_STORE_CTX_get_error(csc.get());
BOOST_THROW_EXCEPTION(openssl_error()
<< boost::errinfo_api_function("X509_verify_cert")