From 05f7bc9c66290bffcfce5f63af4b818db7e6af4f Mon Sep 17 00:00:00 2001
From: Ben Ford <bford@digium.com>
Date: Tue, 11 May 2021 12:26:13 -0500
Subject: [PATCH] STIR/SHAKEN: OPENSSL_free serial hex from openssl.

We're getting the serial number of the certificate from openssl and
freeing it with ast_free(), but it needs to be freed with OPENSSL_free()
instead. Now we duplicate the string and free the one from openssl with
OPENSSL_free(), which means we can still use ast_free() on the returned
string.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Ia6e1a4028c1933a0e1d204b769ebb9f5a11f00ab
---
 res/res_stir_shaken/stir_shaken.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/res/res_stir_shaken/stir_shaken.c b/res/res_stir_shaken/stir_shaken.c
index b580773c31..6bc07ea4d9 100644
--- a/res/res_stir_shaken/stir_shaken.c
+++ b/res/res_stir_shaken/stir_shaken.c
@@ -144,6 +144,7 @@ char *stir_shaken_get_serial_number_x509(const char *path)
 	ASN1_INTEGER *serial;
 	BIGNUM *bignum;
 	char *serial_hex;
+	char *ret;
 
 	fp = fopen(path, "r");
 	if (!fp) {
@@ -188,5 +189,12 @@ char *stir_shaken_get_serial_number_x509(const char *path)
 		return NULL;
 	}
 
-	return serial_hex;
+	ret = ast_strdup(serial_hex);
+	OPENSSL_free(serial_hex);
+	if (!ret) {
+		ast_log(LOG_ERROR, "Failed to dup serial from openssl for certificate %s\n", path);
+		return NULL;
+	}
+
+	return ret;
 }
-- 
GitLab