[PATCH] Memory leak in state machine in error path
Short, Todd
tshort at akamai.com
Tue Dec 22 17:01:58 UTC 2015
Hello OpenSSL org:
I found the following issue via code inspection. In tls_process_client_key_exchange(), when EC is disabled, and an error occurs in ssl_generate_master_secret() or RAND_bytes(), the error path does not free rsa_decrypt.
Note that rsa_decrypt is not conditionally defined by OPENSSL_NO_RSA, so I did not wrap the free with that conditional.
--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-bugs-mod/attachments/20151222/31c1d4a1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Memory-leak-in-state-machine-in-error-path.patch
Type: application/octet-stream
Size: 927 bytes
Desc: 0001-Memory-leak-in-state-machine-in-error-path.patch
URL: <http://mta.openssl.org/pipermail/openssl-bugs-mod/attachments/20151222/31c1d4a1/attachment.obj>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-bugs-mod/attachments/20151222/31c1d4a1/attachment.htm>
More information about the openssl-bugs-mod
mailing list