From 5059658219465c2e3e15f45c5ca3a0d251cd5fba Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Mon, 12 Jul 1999 17:15:42 +0000
Subject: [PATCH] fix memory leak in s3_clnt.c
---
 CHANGES | 6 ++++++
 apps/s_server.c | 36 ++++++++++++++++++++++--------------
 ssl/s3_clnt.c | 1 +
 3 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/CHANGES b/CHANGES
index d64db581f2..fbdd510da5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@ Changes between 0.9.3a and 0.9.4 + *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections + without temporary keys kept an extra copy of the server key, + and connections with temporary keys did not free everything in case + of an error. + [Bodo Moeller] + *) New function RSA_check_key and new openssl rsa option -check for verifying the consistency of RSA keys. [Ulf Moeller, Bodo Moeller]
diff --git a/apps/s_server.c b/apps/s_server.c
index c82c0f33d8..4b932baac2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -226,6 +226,9 @@ static void sv_usage(void)
 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
+#ifndef NO_DH
+ BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
+#endif
 BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
 BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n");
@@ -393,7 +396,7 @@ int MAIN(int argc, char *argv[])
 int badop=0,bugs=0;
 int ret=1;
 int off=0;
- int no_tmp_rsa=0,nocert=0;
+ int no_tmp_rsa=0,no_dhe=0,nocert=0;
 int state=0;
 SSL_METHOD *meth=NULL;
 #ifndef NO_DH
@@ -518,6 +521,8 @@ int MAIN(int argc, char *argv[])
 { bugs=1; }
 else if (strcmp(*argv,"-no_tmp_rsa") == 0)
 { no_tmp_rsa=1; }
+ else if (strcmp(*argv,"-no_dhe") == 0)
+ { no_dhe=1; }
 else if (strcmp(*argv,"-www") == 0)
 { www=1; }
 else if (strcmp(*argv,"-WWW") == 0)
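Review bot: The `-no_dhe` branch added to the option parsing in MAIN is not wrapped in `#ifndef NO_DH`, although the usage line added in sv_usage is. As far as these hunks show, `no_dhe` is only read inside an `#ifndef NO_DH` region, so a NO_DH build would accept the option silently and set a variable nothing uses, while the help text does not list it. Putting the two added lines `else if (strcmp(*argv,"-no_dhe") == 0)` and `{ no_dhe=1; }` under the same guard would keep parser and help text consistent. Both functions start and end outside the hunks shown.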
@@ -620,21 +625,24 @@ bad:
 }
 #ifndef NO_DH
- /* EAY EAY EAY evil hack */
- dh=load_dh_param();
- if (dh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
- }
- else
+ if (!no_dhe)
 {
- BIO_printf(bio_s_out,"Using default temp DH parameters\n");
- dh=get_dh512();
- }
- (void)BIO_flush(bio_s_out);
+ /* EAY EAY EAY evil hack */
+ dh=load_dh_param();
+ if (dh != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+ dh=get_dh512();
+ }
+ (void)BIO_flush(bio_s_out);
- SSL_CTX_set_tmp_dh(ctx,dh);
- DH_free(dh);
+ SSL_CTX_set_tmp_dh(ctx,dh);
+ DH_free(dh);
+ }
 #endif
 if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1f4e3239aa..d3e6b4d1e5 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1336,6 +1336,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
 goto err;
 }
 rsa=pkey->pkey.rsa;
+ EVP_PKEY_free(pkey);
 }
 tmp_buf[0]=s->client_version>>8;
-- 
2.25.1
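Review bot: Inside the new `if (!no_dhe)` block the pointer from the fallback `dh=get_dh512();` is handed to `SSL_CTX_set_tmp_dh(ctx,dh)` without a NULL check, and the result of `SSL_CTX_set_tmp_dh` is discarded, so a failure to install the parameters would go unreported. Since the block is being re-indented anyway, a guard such as `if (dh == NULL || !SSL_CTX_set_tmp_dh(ctx,dh))` that prints an error to `bio_err` would make that visible. The fallback is, judging by its name, a 512-bit group, which is too small to protect an ephemeral exchange; the "Using default temp DH parameters" message should at least state the size. MAIN starts and ends outside this hunk.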
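Review bot: After the added `EVP_PKEY_free(pkey);` the local `rsa` still points into the key that was just released, so it is only safe while some other holder (presumably the peer certificate) keeps a reference, and nothing in the hunk shows that. A comment on that line naming the remaining owner, e.g. `/* rsa stays valid: <owner> still references this key */` with the real owner filled in, would keep a later change from turning this into a use-after-free; alternatively the free could move below the last use of `rsa`. The `goto err;` branch just above is cut off by the hunk, as is the rest of ssl3_send_client_key_exchange, so whether `pkey` is released on that path cannot be checked here. The CHANGES entry also describes an error-path fix for connections with temporary keys, yet the diffstat lists a single added line in ssl/s3_clnt.c.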