author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2023-09-11 12:26:46 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2023-09-13 14:31:50 +0200 |
commit | 1362474d1a58ba55adb0dd6204d66b743f8af137 (patch) | |
tree | bef94713afa29f21a098e81df7d4cc93c5fe879d | |
parent | 0d168f3812c91bafc8e0627c22b9d5761ace2f63 (diff) |
Fix memory leaks in ssl_old_test.c
This fixes a few memory leaks reported in #22049.
If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key
due to security restrictions (even when @SECLEVEL=0 is used!)
then the caller has to delete the PKEY object.
That is different to how the deprecated
SSL_CTX_set_tmp_dh_pkey was designed to work.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22060)
(cherry picked from commit 21f0b80cd4b32ba80843b812b01a6056daf14093)
-rw-r--r-- | test/ssl_old_test.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c index 91c8b5b7b5..70524dee41 100644 --- a/test/ssl_old_test.c +++ b/test/ssl_old_test.c @@ -1525,8 +1525,10 @@ int main(int argc, char *argv[]) ERR_print_errors(bio_err); goto end; } - SSL_CTX_set0_tmp_dh_pkey(s_ctx, dhpkey); - SSL_CTX_set0_tmp_dh_pkey(s_ctx2, dhpkey); + if (!SSL_CTX_set0_tmp_dh_pkey(s_ctx, dhpkey)) + EVP_PKEY_free(dhpkey); + if (!SSL_CTX_set0_tmp_dh_pkey(s_ctx2, dhpkey)) + EVP_PKEY_free(dhpkey); } #endif |
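Review bot: Both added `if` branches in main() pass the same `dhpkey` pointer to `SSL_CTX_set0_tmp_dh_pkey` and free it on failure, so this is only correct if `dhpkey` already carries two references at this point, and the visible lines do not show where the second one is taken. If both calls reject the key, `EVP_PKEY_free(dhpkey)` runs twice on the one pointer; if both accept it, `s_ctx` and `s_ctx2` each take ownership of a reference to the same object. Please add a short comment above the first `if` stating that the code before it takes one reference per context, so that each free is visibly paired with its reference and a later refactor of that earlier block does not turn this into a double free. The failure branch is also silent: when the key is refused the test carries on without a temp DH key, so consider writing a message to `bio_err` there to make a rejected key visible in the test output.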