From: Matt Caswell <matt@openssl.org>
Date: Mon, 30 Jan 2017 19:36:51 +0000 (+0000)
Subject: Make sure we free and cleanse the pms value in all code paths
X-Git-Tag: OpenSSL_1_1_1-pre1~2519
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c8ab3a46530029739272e14acbfc91a5feb291a7;p=oweals%2Fopenssl.git

Make sure we free and cleanse the pms value in all code paths

Otherwise we get a memory leak.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2326)
---

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c4d43526bd..936a301363 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4118,10 +4118,8 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
 
             rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
         } else {
-            /* Generate master secret and discard premaster */
-            rv = ssl_generate_master_secret(s, pms, pmslen, 1);
+            rv = ssl_generate_master_secret(s, pms, pmslen, 0);
         }
-        pms = NULL;
     } else {
         /* Save premaster secret */
         s->s3->tmp.pms = pms;