[openssl-dev] [openssl.org #4197] [PATCH] Memory leak in state machine in error path
Matt Caswell via RT
rt at openssl.org
Wed Dec 23 13:36:49 UTC 2015
On Tue Dec 22 17:02:07 2015, tshort at akamai.com wrote:
> Hello OpenSSL org:
>
> I found the following issue via code inspection. In
> tls_process_client_key_exchange(), when EC is disabled, and an error
> occurs in ssl_generate_master_secret() or RAND_bytes(), the error path
> does not free rsa_decrypt.
Patch applied. Many thanks.
Matt
More information about the openssl-dev
mailing list