Memory leak in state machine in error path

When EC is disabled, and an error occurs in ssl_generate_master_secret() or RAND_bytes(), the error path does not free rsa_decrypt. RT#4197 Reviewed-by: N Richard Levitte <levitte@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

Memory leak in state machine in error path
When EC is disabled, and an error occurs in ssl_generate_master_secret() or RAND_bytes(), the error path does not free rsa_decrypt. RT#4197 Reviewed-by: N Richard Levitte <levitte@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
c849c6d9 · Todd Short · Matt Caswell · 87a595e5 · c849c6d9
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/statem/statem_srvr.c ssl/statem/statem_srvr.c +1 -1

未找到文件。
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2620,8 +2620,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 #endif
 #ifndef OPENSSL_NO_EC
    EVP_PKEY_free(ckey);
-    OPENSSL_free(rsa_decrypt);
 #endif
+    OPENSSL_free(rsa_decrypt);
 #ifndef OPENSSL_NO_PSK
    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
    s->s3->tmp.psk = NULL;