openssl: fix memory leaks in ECH code (OpenSSL 3) #20993

Closed
vszakats wants to merge 1 commit into curl:master from vszakats:ossl-ech-leak

@vszakats
Member

Also drop an unnecessary cast.

Found by Codex Security

Follow-up to a362962 #11922

@github-actions github-actions bot added the TLS label Mar 18, 2026
@vszakats vszakats changed the title from "openssl: fix two memory leaks in ECH code (OpenSSL 3)" to "openssl: fix memory leaks in ECH code (OpenSSL 3)" Mar 18, 2026
@vszakats vszakats requested a review from Copilot March 19, 2026 00:52
@vszakats
Member Author

augment review

@augmentcode

augmentcode bot commented Mar 19, 2026

🤖 Augment PR Summary

Summary: Fixes OpenSSL 3 ECH retry-config tracing cleanup by freeing the inner/outer strings from SSL_ech_get1_status() in addition to the retry-config buffer.
Details: Prevents memory leaks in ossl_trace_ech_retry_configs() and removes an unnecessary cast when calling OPENSSL_free().


@augmentcode augmentcode bot left a comment

Review completed. No suggestions at this time.


Copilot AI left a comment

Pull request overview

Fixes OpenSSL ECH-related memory leaks in the vtls OpenSSL backend by ensuring all heap-allocated values returned from ECH query helpers are freed.

Changes:

  • Free inner/outer strings returned by SSL_ech_get1_status() in the retry-config tracing path.
  • Drop an unnecessary cast when freeing rcs (retry-config buffer) with OPENSSL_free().
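
The ownership rule behind this fix, as an added example that is not curl's or OpenSSL's code and not part of the review above: `stub_get1_status()`, `dup_counted()` and `free_counted()` are hypothetical stand-ins that only mimic the caller-frees convention described for `SSL_ech_get1_status()`, and the strings are constructed sample data. It counts the buffers still allocated when the tracing path returns, with and without the extra frees.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins, not OpenSSL's API: they only mimic the convention
   where every returned buffer is a fresh allocation the caller must free. */
static int live; /* buffers handed out and not yet freed */

static char *dup_counted(const char *s)
{
  char *p = malloc(strlen(s) + 1);
  if(p)
    live++;
  return p ? strcpy(p, s) : NULL;
}

static void free_counted(void *p) /* takes void *, so callers need no cast */
{
  if(p) live--;
  free(p);
}

static int stub_get1_status(char **inner, char **outer)
{
  *inner = dup_counted("inner.example");
  *outer = dup_counted("public.example");
  return *inner && *outer;
}

/* free_names=0 models the leak, 1 the fix; returns buffers still allocated. */
static int trace_retry_configs(int free_names)
{
  char *inner = NULL, *outer = NULL, *rcs;
  live = 0;
  rcs = dup_counted("constructed-retry-config");
  if(rcs && stub_get1_status(&inner, &outer))
    fprintf(stderr, "retry configs for inner=%s outer=%s\n", inner, outer);
  free_counted(rcs); /* the only buffer the leaky path released */
  if(free_names) {
    free_counted(inner);
    free_counted(outer);
  }
  return live;
}

int main(void)
{
  printf("leaky=%d fixed=%d\n", trace_retry_configs(0), trace_retry_configs(1));
}
```

The leaky variant loses two small strings per call, so the cost grows with every handshake that reaches the tracing path.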


@vszakats vszakats closed this in 6c0772f Mar 19, 2026
@vszakats vszakats deleted the ossl-ech-leak branch March 19, 2026 11:07
dkarpov1970 pushed a commit to dkarpov1970/curl that referenced this pull request Mar 25, 2026
Also drop an unnecessary cast.

Found by Codex Security

Follow-up to a362962 curl#11922

Closes curl#20993