From f2e9ba7d6f6f8810b9b4e60e31a6964eca62f9f7 Mon Sep 17 00:00:00 2001
From: fengweihao <fengweihao@iie.ac.cn>
Date: Fri, 27 Nov 2020 19:21:49 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=AD=BE=E5=8F=91=E8=AF=81?=
 =?UTF-8?q?=E4=B9=A6=E5=A4=B1=E8=B4=A5=E5=BC=82=E5=B8=B8=E5=88=86=E6=94=AF?=
 =?UTF-8?q?=E5=A4=84=E7=90=86=E5=87=BA=E9=94=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 program/src/cert_session.cpp | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/program/src/cert_session.cpp b/program/src/cert_session.cpp
index 1b01dec..f7c999f 100644
--- a/program/src/cert_session.cpp
+++ b/program/src/cert_session.cpp
@@ -691,7 +691,6 @@ X509 *ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, in
     if(!ssl_key_gen(&key, pkey, public_algo)){
         goto err;
     }
-
 	//subjectname,issuername
 	subject = X509_get_subject_name(origcrt);
 	issuer = X509_get_subject_name(cacrt);
@@ -728,6 +727,8 @@ X509 *ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, in
 	}
 
     EVP_PKEY_free(key);
+	key=NULL;
+
 //extensions
 	X509V3_CTX ctx;
 	X509V3_set_ctx(&ctx, cacrt, crt, NULL, NULL, 0);
@@ -876,7 +877,8 @@ X509 *ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, in
 	return crt;
 errout:
 	X509_free(crt);
-    EVP_PKEY_free(key);
+	if(key)
+    	EVP_PKEY_free(key);
 err:
 	return NULL;
 }
@@ -1373,8 +1375,11 @@ redis_clnt_pdu_send(struct tfe_http_request *request)
     char *sign = NULL, pkey[SG_DATA_SIZE] = {0};
 
     uint64_t expire_time = x509_online_append(&thread->def, request, &sign, pkey, &stack_ca);
-    if (sign == NULL && pkey[0] == '\0')
+    if (sign == NULL || pkey[0] == '\0')
 	{
+		if (request->origin)
+        	X509_free(request->origin);
+		request_destroy(request);
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to sign certificate");
 		evhttp_socket_send_error(request->evh_req, HTTP_NOTFOUND);
 		return xret;
@@ -1739,6 +1744,7 @@ void http_get_cb(struct evhttp_request *evh_req, void *arg)
 	{
 		if (xret == -2)
 		{
+			request_destroy(request);
 			evhttp_send_reply(evh_req, 200, "OK", NULL);
 			goto finish;
 		}