Fix SSL memory leak.

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 31f4f807790dd262571e2c437e7e36d08d817f5b..4575eeecc02b5dc6e49ef224a1573544088a9669 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -110,10 +110,10 @@
  */
 
 #include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/md5.h>
 
 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
@@ -952,6 +952,8 @@ int ssl3_new(SSL *s)
 
        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
        memset(s3,0,sizeof *s3);
+       EVP_MD_CTX_init(&s3->finish_dgst1);
+       EVP_MD_CTX_init(&s3->finish_dgst2);
 
        s->s3=s3;
 
@@ -979,6 +981,8 @@ void ssl3_free(SSL *s)
 #endif
        if (s->s3->tmp.ca_names != NULL)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
        memset(s->s3,0,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
@@ -1005,6 +1009,9 @@ void ssl3_clear(SSL *s)
        rp=s->s3->rbuf.buf;
        wp=s->s3->wbuf.buf;
 
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+
        memset(s->s3,0,sizeof *s->s3);
        if (rp != NULL) s->s3->rbuf.buf=rp;
        if (wp != NULL) s->s3->wbuf.buf=wp;
@@ -1425,6 +1432,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #endif    /* KSSL_DEBUG */
 
                alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+#ifndef OPENSSL_NO_KRB5
+                if (alg & SSL_KRB5) 
+                        {
+                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
+                            continue;
+                        }
+#endif /* OPENSSL_NO_KRB5 */
                if (SSL_C_IS_EXPORT(c))
                        {
                        ok=((alg & emask) == alg)?1:0;