[openssl-dev] Memory leak in application when we use ECDH

Matt Caswell matt at openssl.org
Tue Mar 21 09:58:16 UTC 2017



On 21/03/17 09:46, Matt Caswell wrote:
> 
> There is a potential leak in this case:
> 
>             if (s->s3->tmp.ecdh != NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>                        ERR_R_INTERNAL_ERROR);
>                 goto err;
>             }
> 
> But this is a "should not happen" scenario - so there is another bug if
> that is happening - and you would see "internal error" messages on the
> error stack.
> 
> Another slight oddity in this code is the double check of ecdhp against
> NULL which seems redundant (but otherwise harmless):
> 
>             if (ecdhp == NULL) {
>                 al = SSL_AD_HANDSHAKE_FAILURE;
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>                        SSL_R_MISSING_TMP_ECDH_KEY);
>                 goto f_err;
>             }
> 
>             ...
> 
>             /* Duplicate the ECDH structure. */
>             if (ecdhp == NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>                 goto err;
>             }

Fix for the above issues (which is unlikely to solve your problem) is here:

https://github.com/openssl/openssl/pull/3003

Matt
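The leak discussed above is the classic `goto err` hazard: an object allocated before a "should not happen" check is abandoned when that check fails. The following is an added illustration, not code from the thread or from OpenSSL; it uses a hypothetical `toy_ec_key` type and a live-allocation counter so that the leaky shape and the corrected shape can be compared side by side, with `tmp_slot` standing in for the `s->s3->tmp.ecdh` slot.

```c
#include <stdlib.h>

/* Toy stand-in for an EC key (hypothetical type, not OpenSSL's EC_KEY). */
typedef struct { unsigned char priv[32]; } toy_ec_key;

/* Keys allocated but not yet freed; a test can use this to detect a leak. */
static int live_keys = 0;
int toy_live_key_count(void) { return live_keys; }

toy_ec_key *toy_key_new(void)
{
    toy_ec_key *k = calloc(1, sizeof(*k));
    if (k != NULL) live_keys++;
    return k;
}

void toy_key_free(toy_ec_key *k)
{
    if (k == NULL) return;      /* safe to call on the error path with NULL */
    live_keys--;
    free(k);
}

/*
 * Leaky shape: the fresh key is allocated before the "should not happen"
 * check, but the err: label never releases it. tmp_slot models s->s3->tmp.ecdh.
 */
int send_key_exchange_leaky(toy_ec_key **tmp_slot)
{
    toy_ec_key *ecdhp = toy_key_new();
    if (ecdhp == NULL) goto err;
    if (*tmp_slot != NULL) goto err;   /* internal error; ecdhp is lost here */
    *tmp_slot = ecdhp;
    return 1;
err:
    return 0;
}

/* Fixed shape: every exit via err: frees whatever is still owned locally. */
int send_key_exchange_fixed(toy_ec_key **tmp_slot)
{
    toy_ec_key *ecdhp = toy_key_new();
    if (ecdhp == NULL) goto err;
    if (*tmp_slot != NULL) goto err;
    *tmp_slot = ecdhp;
    ecdhp = NULL;                      /* ownership moved into the slot */
    return 1;
err:
    toy_key_free(ecdhp);               /* NULL once ownership has moved */
    return 0;
}
```

Running both variants against an already-occupied slot shows the counter climbing only for the leaky one; the same "free-what-you-still-own at err:" discipline is what a reviewer checks on each early-exit path.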


