Index | Thread | Search

From:
Giovanni Bechis <giovanni@openbsd.org>
Subject:
Re: apache-httpd: plug a couple of memleaks
To:
Theo Buehler <tb@theobuehler.org>, ports@openbsd.org
Date:
Thu, 20 Nov 2025 08:47:01 +0100

Download raw body.

Thread 
On 11/20/25 8:23 AM, Theo Buehler wrote:
> This isn't terrible but leaks a few bytes for every connection that is
> logged via these functions. I sent this upstream (where the same mistake
> was copied into another place).
>
> https://github.com/apache/httpd/pull/578
>
> There's also lots of missing error checking, but I decided not to go
> down this road.

ok giovanni@
I will improve missing error checks as well soon.

  Thanks
   Giovanni


> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> diff -u -p -r1.138 Makefile
> --- Makefile	1 Nov 2025 11:16:43 -0000	1.138
> +++ Makefile	20 Nov 2025 07:16:30 -0000
> @@ -3,7 +3,7 @@ COMMENT=		apache HTTP server
>   V=			2.4.65
>   DISTNAME=		httpd-${V}
>   PKGNAME=		apache-httpd-${V}
> -REVISION=		1
> +REVISION=		2
>   
>   CATEGORIES=		www net
>   
> Index: patches/patch-modules_md_md_crypt_c
> ===================================================================
> RCS file: patches/patch-modules_md_md_crypt_c
> diff -N patches/patch-modules_md_md_crypt_c
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ patches/patch-modules_md_md_crypt_c	20 Nov 2025 07:12:48 -0000
> @@ -0,0 +1,14 @@
> +https://github.com/apache/httpd/pull/578
> +
> +Index: modules/md/md_crypt.c
> +--- modules/md/md_crypt.c.orig
> ++++ modules/md/md_crypt.c
> +@@ -1222,7 +1222,7 @@ const char *md_cert_get_serial_number(const md_cert_t
> +         serial = BN_bn2hex(bn);
> +         s = apr_pstrdup(p, serial);
> +         OPENSSL_free((void*)serial);
> +-        OPENSSL_free((void*)bn);
> ++        BN_free(bn);
> +     }
> +     return s;
> + }
> Index: patches/patch-modules_md_md_ocsp_c
> ===================================================================
> RCS file: patches/patch-modules_md_md_ocsp_c
> diff -N patches/patch-modules_md_md_ocsp_c
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ patches/patch-modules_md_md_ocsp_c	20 Nov 2025 06:53:43 -0000
> @@ -0,0 +1,14 @@
> +https://github.com/apache/httpd/pull/578
> +
> +Index: modules/md/md_ocsp.c
> +--- modules/md/md_ocsp.c.orig
> ++++ modules/md/md_ocsp.c
> +@@ -531,7 +531,7 @@ static const char *certid_summary(const OCSP_CERTID *c
> +         bn = ASN1_INTEGER_to_BN(aserial, NULL);
> +         s = BN_bn2hex(bn);
> +         serial = apr_pstrdup(p, s);
> +-        OPENSSL_free((void*)bn);
> ++        BN_free(bn);
> +         OPENSSL_free((void*)s);
> +     }
> +     return apr_psprintf(p, "certid[der=%s, issuer=%s, key=%s, serial=%s]",