Memory leak in state machine in error path

When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.

RT#4197

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 0e6f0d03dda2ee9fe9de00959ab69cefc1b1876b..79254b52485be65d72ceea119f95b09b31aaf596 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2620,8 +2620,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 #endif
 #ifndef OPENSSL_NO_EC
     EVP_PKEY_free(ckey);
 #endif
 #ifndef OPENSSL_NO_EC
     EVP_PKEY_free(ckey);

-    OPENSSL_free(rsa_decrypt);

 #endif
 #endif

+    OPENSSL_free(rsa_decrypt);

 #ifndef OPENSSL_NO_PSK
     OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
     s->s3->tmp.psk = NULL;
 #ifndef OPENSSL_NO_PSK
     OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
     s->s3->tmp.psk = NULL;