Index | Thread | Search

From:
Theo Buehler <tb@theobuehler.org>
Subject:
apache-httpd: plug a couple of memleaks
To:
ports@openbsd.org
Cc:
giovanni@openbsd.org
Date:
Thu, 20 Nov 2025 08:23:36 +0100

Download raw body.

Thread 
This isn't terrible but leaks a few bytes for every connection that is
logged via these functions. I sent this upstream (where the same mistake
was copied into another place).

https://github.com/apache/httpd/pull/578

There's also lots of missing error checking, but I decided not to go
down this road.

Index: Makefile
===================================================================
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
diff -u -p -r1.138 Makefile
--- Makefile	1 Nov 2025 11:16:43 -0000	1.138
+++ Makefile	20 Nov 2025 07:16:30 -0000
@@ -3,7 +3,7 @@ COMMENT=		apache HTTP server
 V=			2.4.65
 DISTNAME=		httpd-${V}
 PKGNAME=		apache-httpd-${V}
-REVISION=		1
+REVISION=		2
 
 CATEGORIES=		www net
 
Index: patches/patch-modules_md_md_crypt_c
===================================================================
RCS file: patches/patch-modules_md_md_crypt_c
diff -N patches/patch-modules_md_md_crypt_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-modules_md_md_crypt_c	20 Nov 2025 07:12:48 -0000
@@ -0,0 +1,14 @@
+https://github.com/apache/httpd/pull/578
+
+Index: modules/md/md_crypt.c
+--- modules/md/md_crypt.c.orig
++++ modules/md/md_crypt.c
+@@ -1222,7 +1222,7 @@ const char *md_cert_get_serial_number(const md_cert_t 
+         serial = BN_bn2hex(bn);
+         s = apr_pstrdup(p, serial);
+         OPENSSL_free((void*)serial);
+-        OPENSSL_free((void*)bn);
++        BN_free(bn);
+     }
+     return s;
+ }
Index: patches/patch-modules_md_md_ocsp_c
===================================================================
RCS file: patches/patch-modules_md_md_ocsp_c
diff -N patches/patch-modules_md_md_ocsp_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-modules_md_md_ocsp_c	20 Nov 2025 06:53:43 -0000
@@ -0,0 +1,14 @@
+https://github.com/apache/httpd/pull/578
+
+Index: modules/md/md_ocsp.c
+--- modules/md/md_ocsp.c.orig
++++ modules/md/md_ocsp.c
+@@ -531,7 +531,7 @@ static const char *certid_summary(const OCSP_CERTID *c
+         bn = ASN1_INTEGER_to_BN(aserial, NULL);
+         s = BN_bn2hex(bn);
+         serial = apr_pstrdup(p, s);
+-        OPENSSL_free((void*)bn);
++        BN_free(bn);
+         OPENSSL_free((void*)s);
+     }
+     return apr_psprintf(p, "certid[der=%s, issuer=%s, key=%s, serial=%s]",