-
-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix memory leaks in ssl_old_test.c #22060
Fix memory leaks in ssl_old_test.c #22060
Conversation
This fixes a few memory leaks reported in openssl#22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work.
if (!SSL_CTX_set0_tmp_dh_pkey(s_ctx, dhpkey)) | ||
EVP_PKEY_free(dhpkey); | ||
if (!SSL_CTX_set0_tmp_dh_pkey(s_ctx2, dhpkey)) | ||
EVP_PKEY_free(dhpkey); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might be a nit, but It seems to me like the issue is that we're not properly passing ownership of the key to the ssl context, opting instead to increase the refcount under the assumption that both SSL_CTX_set0_tmp_dh_pkey calls will succeed.
would it be better to create an SSL_CTX_set1_tmp_dh_pkey function that properly increases the refcount of the passed in key iff the key is actually assigned? Then would could just cause the failure here to goto err and free the EVP_PKEY once at the exit to the function, rather than having to worry about the need to free this after each failed call where its referenced?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given this is a fairly legacy API (not deprecated but still), I would not bother.
This pull request is ready to merge |
Merged to all branches. Thanks! |
This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #22060) (cherry picked from commit 21f0b80)
This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #22060)
This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #22060) (cherry picked from commit 21f0b80)
This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#22060) Signed-off-by: fly2x <fly2x@hitls.org>
This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#22060) (cherry picked from commit 21f0b80) Signed-off-by: fly2x <fly2x@hitls.org>
This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#22060) (cherry picked from commit 21f0b80) Signed-off-by: fly2x <fly2x@hitls.org>
This fixes a few memory leaks reported in openssl#22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#22060) (cherry picked from commit 21f0b80)
This fixes a few memory leaks reported in #22049.
If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object.
That is different to how the deprecated
SSL_CTX_set_tmp_dh_pkey was designed to work.
Checklist