fix memory leak in s3_clnt.c

diff --git a/CHANGES b/CHANGES
index d64db581f2915e49f8bf11424f23b40a01078909..fbdd510da59e763d1d15e03f50b63f0316dfb44f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.3a and 0.9.4
 
 
  Changes between 0.9.3a and 0.9.4
 

+  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+     without temporary keys kept an extra copy of the server key,
+     and connections with temporary keys did not free everything in case
+     of an error.
+     [Bodo Moeller]
+

   *) New function RSA_check_key and new openssl rsa option -check
      for verifying the consistency of RSA keys.
      [Ulf Moeller, Bodo Moeller]
   *) New function RSA_check_key and new openssl rsa option -check
      for verifying the consistency of RSA keys.
      [Ulf Moeller, Bodo Moeller]

diff --git a/apps/s_server.c b/apps/s_server.c
index c82c0f33d83e420fbed0e9a54c59afe5865a65e8..4b932baac24911c80d598b4eff687e68348fd484 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -226,6 +226,9 @@ static void sv_usage(void)
        BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
        BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
        BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
        BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
        BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
        BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");

+#ifndef NO_DH
+       BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
+#endif

        BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
        BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
        BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
        BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
        BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
        BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");


@@ -393,7 +396,7 @@ int MAIN(int argc, char *argv[])
        int badop=0,bugs=0;
        int ret=1;
        int off=0;
        int badop=0,bugs=0;
        int ret=1;
        int off=0;

-       int no_tmp_rsa=0,nocert=0;
+       int no_tmp_rsa=0,no_dhe=0,nocert=0;

        int state=0;
        SSL_METHOD *meth=NULL;
 #ifndef NO_DH
        int state=0;
        SSL_METHOD *meth=NULL;
 #ifndef NO_DH


@@ -518,6 +521,8 @@ int MAIN(int argc, char *argv[])
                        { bugs=1; }
                else if (strcmp(*argv,"-no_tmp_rsa") == 0)
                        { no_tmp_rsa=1; }
                        { bugs=1; }
                else if (strcmp(*argv,"-no_tmp_rsa") == 0)
                        { no_tmp_rsa=1; }

+               else if (strcmp(*argv,"-no_dhe") == 0)
+                       { no_dhe=1; }

                else if (strcmp(*argv,"-www") == 0)
                        { www=1; }
                else if (strcmp(*argv,"-WWW") == 0)
                else if (strcmp(*argv,"-www") == 0)
                        { www=1; }
                else if (strcmp(*argv,"-WWW") == 0)


@@ -620,21 +625,24 @@ bad:
                }
 
 #ifndef NO_DH
                }
 
 #ifndef NO_DH

-       /* EAY EAY EAY evil hack */
-       dh=load_dh_param();
-       if (dh != NULL)
-               {
-               BIO_printf(bio_s_out,"Setting temp DH parameters\n");
-               }
-       else
+       if (!no_dhe)

                {
                {

-               BIO_printf(bio_s_out,"Using default temp DH parameters\n");
-               dh=get_dh512();
-               }
-       (void)BIO_flush(bio_s_out);
+               /* EAY EAY EAY evil hack */
+               dh=load_dh_param();
+               if (dh != NULL)
+                       {
+                       BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+                       }
+               else
+                       {
+                       BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+                       dh=get_dh512();
+                       }
+               (void)BIO_flush(bio_s_out);

 
 

-       SSL_CTX_set_tmp_dh(ctx,dh);
-       DH_free(dh);
+               SSL_CTX_set_tmp_dh(ctx,dh);
+               DH_free(dh);
+               }

 #endif
        
        if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
 #endif
        
        if (!set_cert_stuff(ctx,s_cert_file,s_key_file))

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1f4e3239aa5601cd8869eb395a2a7fe9c04f082b..d3e6b4d1e58f96974a07f1045f8583504759af2f 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1336,6 +1336,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                        goto err;
                                        }
                                rsa=pkey->pkey.rsa;
                                        goto err;
                                        }
                                rsa=pkey->pkey.rsa;

+                               EVP_PKEY_free(pkey);

                                }
                                
                        tmp_buf[0]=s->client_version>>8;
                                }
                                
                        tmp_buf[0]=s->client_version>>8;