[openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory
Kurt Roeckx via RT
rt at openssl.org
Thu Dec 10 14:37:46 UTC 2015
On Thu, Dec 10, 2015 at 03:19:54PM +0100, Kurt Roeckx wrote:
> On Thu, Dec 10, 2015 at 01:27:38PM +0100, Kurt Roeckx wrote:
> > On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote:
> > > On Mon, Dec 07, 2015 at 03:47:56PM +0000, Michel via RT wrote:
> > > > Hi,
> > > >
> > > > Following my previous mail, here attached is an updated patch against 1.02e
> > > > to fix the SRP VBASE memory leaks.
> > >
> > > Can you confirm that this would be the correct patch for master?
> >
> > The following patch should at least compile.
>
> I fixed a few more things, cleaned up some things. New patch
> attached.
I think there is something wrong with new SRP_gN_free(). You now
also free g and N, and it's not clear to me who the owner of those
is. I think the cache is, in which case we should not free them.
I think the cache also isn't cleared, we should probably call
SRP_VBASE_free() when SRP_VBASE_init() fails.
Kurt
More information about the openssl-dev
mailing list