X509Certificate::addChainCertificate() internally calls SSL_CTX_add_extra_chain_cert(), which (unlike SSL_CTX_use_certificate()) does not increment the reference count of the X509 struct. Therefore any call to addChainCertificate() will lead to a double-free as both the Context and the X509Certificate destructor will attempt to free the X509.
Fix:
void Context::addChainCertificate(const Poco::Crypto::X509Certificate& certificate)
{
int errCode = SSL_CTX_add_extra_chain_cert(_pSSLContext, X509_dup(const_cast<X509*>(certificate.certificate())));
if (errCode != 1)
{
std::string msg = Utility::getLastError();
throw SSLContextException("Cannot add chain certificate to Context", msg);
}
}
X509Certificate::addChainCertificate()internally callsSSL_CTX_add_extra_chain_cert(), which (unlikeSSL_CTX_use_certificate()) does not increment the reference count of the X509 struct. Therefore any call toaddChainCertificate()will lead to a double-free as both theContextand theX509Certificatedestructor will attempt to free theX509.Fix: