diff options
author | Vernon Mauery <vernon.mauery@linux.intel.com> | 2021-06-17 00:06:57 +0300 |
---|---|---|
committer | Vernon Mauery <vernon.mauery@linux.intel.com> | 2021-06-17 00:07:43 +0300 |
commit | b937830fe5a7adba40e63f6059bf2c543733de33 (patch) | |
tree | 7a3e3ca96d670ba7a2a79eace93c2c6f1e4a1efa | |
parent | 83f012978df9abba623153b41457afcd4d86e568 (diff) | |
download | bmcweb-b937830fe5a7adba40e63f6059bf2c543733de33.tar.xz |
Free cert usage before return
The ASN1 free will slowly leak memory for incorrect mutual auth
connections because if the certificate does not match the requirements
the function will return without freeing the usage string.
Tested: curl --cert client-cert.pem --key client-key.pem --cacert \
CA-cert.pem https://${bmc}/redfish/v1/SessionService/Sessions
Change-Id: I4c335d3cd151187c7a10e7e668d1556c11389039
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
-rw-r--r-- | http/http_connection.hpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/http/http_connection.hpp b/http/http_connection.hpp index 6172b3a1cc..fb6401457e 100644 --- a/http/http_connection.hpp +++ b/http/http_connection.hpp @@ -173,6 +173,7 @@ class Connection : isKeyUsageKeyAgreement = true; } } + ASN1_BIT_STRING_free(usage); if (!isKeyUsageDigitalSignature || !isKeyUsageKeyAgreement) { @@ -182,7 +183,6 @@ class Connection : "be used for user authentication"; return true; } - ASN1_BIT_STRING_free(usage); // Determine that ExtendedKeyUsage includes Client Auth |