[OpenSIPS-Devel] [OpenSIPS/opensips] 11995a: stir_shaken: Fix heap corruption due to X509_STORE...
Liviu Chircu
noreply at github.com
Thu Apr 15 10:17:23 EST 2021
Branch: refs/heads/3.1
Home: https://github.com/OpenSIPS/opensips
Commit: 11995a0a6ead5ef5588bf123486f8dd906f85435
https://github.com/OpenSIPS/opensips/commit/11995a0a6ead5ef5588bf123486f8dd906f85435
Author: Liviu Chircu <liviu at opensips.org>
Date: 2021-04-15 (Thu, 15 Apr 2021)
Changed paths:
M modules/stir_shaken/stir_shaken.c
Log Message:
-----------
stir_shaken: Fix heap corruption due to X509_STORE_CTX misusage
As advised by the OpenSSL docs:
"The certificates and CRLs in a store are used internally and should not
be freed up until after the associated X509_STORE_CTX is freed."
... whereas the code would attempt to create a global X509_STORE_CTX
object a single time, at OpenSIPS startup, then re-use it on each
stir_shaken_verify() call. However, the certs would unfortunately get
freed after each verification, thus breaking the library requirements.
The solution is to simply create and free a X509_STORE_CTX object on
each verification.
Many thanks to Sandro Gauci and Alfred Farrugia (Enable Security) for
helping uncover this issue!
Issue discovered during OpenSIPIt'01 (https://opensipit.org/)
(cherry picked from commit db899f6df1110463935ce57745f82294a55f6f7a)
More information about the Devel
mailing list