Fix various memory leaks in SSL, apps and DSA

6 files changed, 21 insertions, 9 deletions

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 0c13842014..9c8037b48b 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -953,8 +953,9 @@ unsigned char *data;
 		goto err;
 	ret=1;
 err:
-	if (sk != NULL) sk_free(sk);
-	if (x509 != NULL) X509_free(x509);
+	sk_free(sk);
+	X509_free(x509);
+	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 
@@ -985,6 +986,7 @@ int padding;
 	if (i < 0)
 		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
 end:
+	EVP_PKEY_free(pkey);
 	return(i);
 	}
 
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 7e8732f9cc..8580ac6a8d 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -910,6 +910,7 @@ SSL *s;
 		pkey=X509_get_pubkey(x509);
 		if (pkey == NULL) goto end;
 		i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+		EVP_PKEY_free(pkey);
 		memset(&ctx,0,sizeof(ctx));
 
 		if (i) 
@@ -933,8 +934,8 @@ msg_end:
 		ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
 		}
 end:
-	if (sk != NULL) sk_free(sk);
-	if (x509 != NULL) X509_free(x509);
+	sk_free(sk);
+	X509_free(x509);
 	return(ret);
 	}
 
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 487981ef0e..0dad8919c7 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -404,6 +404,7 @@ EVP_PKEY *pkey;
 		ret= -1;
 
 err:
+	if(!pkey) EVP_PKEY_free(pk);
 	return(ret);
 	}
 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 436215094a..363118835c 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -814,8 +814,9 @@ f_err:
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
 		}
 err:
-	if (x != NULL) X509_free(x);
-	if (sk != NULL) sk_pop_free(sk,X509_free);
+	EVP_PKEY_free(pkey);
+	X509_free(x);
+	sk_pop_free(sk,X509_free);
 	return(ret);
 	}
 
@@ -1103,11 +1104,12 @@ SSL *s;
 			goto f_err;
 			}
 		}
-
+	EVP_PKEY_free(pkey);
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+	EVP_PKEY_free(pkey);
 	return(-1);
 	}
 
@@ -1622,6 +1624,7 @@ SSL *s;
 	idx=c->cert_type;
 	pkey=X509_get_pubkey(c->pkeys[idx].x509);
 	i=X509_certificate_type(c->pkeys[idx].x509,pkey);
+	EVP_PKEY_free(pkey);
 
 	
 	/* Check that we have a certificate if we require one */
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ddf377c122..a827a58d49 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1510,6 +1510,7 @@ f_err:
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
 		}
 end:
+	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index a8a62f1b04..745a8ec24f 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -229,8 +229,10 @@ EVP_PKEY *pkey;
 
 	if (c->pkeys[i].x509 != NULL)
 		{
-		EVP_PKEY_copy_parameters(
-			X509_get_pubkey(c->pkeys[i].x509),pkey);
+		EVP_PKEY *pktmp;
+		pktmp =	X509_get_pubkey(c->pkeys[i].x509);
+		EVP_PKEY_copy_parameters(pktmp,pkey);
+		EVP_PKEY_free(pktmp);
 		ERR_clear_error();
 
 #ifndef NO_RSA
@@ -503,6 +505,7 @@ X509 *x;
 	if (i < 0)
 		{
 		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		EVP_PKEY_free(pkey);
 		return(0);
 		}
 
@@ -549,6 +552,7 @@ X509 *x;
 	else
 		ok=1;
 
+	EVP_PKEY_free(pkey);
 	if (bad)
 		{
 		EVP_PKEY_free(c->pkeys[i].privatekey);