Commit c849c6d9 authored Dec 22, 2015 by Todd Short Committed by Matt Caswell Dec 23, 2015

Memory leak in state machine in error path



When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.

RT#4197

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

parent 87a595e5

ssl/statem/statem_srvr.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2620,8 +2620,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL s, PACKET pkt)
		#endif
		#ifndef OPENSSL_NO_EC
		EVP_PKEY_free(ckey);
		OPENSSL_free(rsa_decrypt);
		#endif
		OPENSSL_free(rsa_decrypt);
		#ifndef OPENSSL_NO_PSK
		OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
		s->s3->tmp.psk = NULL;

Admin message