提交 50596582 编写于 作者: B Bodo Möller

fix memory leak in s3_clnt.c

上级 d9f0016b
......@@ -4,6 +4,12 @@
Changes between 0.9.3a and 0.9.4
*) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
without temporary keys kept an extra copy of the server key,
and connections with temporary keys did not free everything in case
of an error.
[Bodo Moeller]
*) New function RSA_check_key and new openssl rsa option -check
for verifying the consistency of RSA keys.
[Ulf Moeller, Bodo Moeller]
......
......@@ -226,6 +226,9 @@ static void sv_usage(void)
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
#ifndef NO_DH
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
......@@ -393,7 +396,7 @@ int MAIN(int argc, char *argv[])
int badop=0,bugs=0;
int ret=1;
int off=0;
int no_tmp_rsa=0,nocert=0;
int no_tmp_rsa=0,no_dhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
#ifndef NO_DH
......@@ -518,6 +521,8 @@ int MAIN(int argc, char *argv[])
{ bugs=1; }
else if (strcmp(*argv,"-no_tmp_rsa") == 0)
{ no_tmp_rsa=1; }
else if (strcmp(*argv,"-no_dhe") == 0)
{ no_dhe=1; }
else if (strcmp(*argv,"-www") == 0)
{ www=1; }
else if (strcmp(*argv,"-WWW") == 0)
......@@ -620,21 +625,24 @@ bad:
}
#ifndef NO_DH
/* EAY EAY EAY evil hack */
dh=load_dh_param();
if (dh != NULL)
{
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
}
else
if (!no_dhe)
{
BIO_printf(bio_s_out,"Using default temp DH parameters\n");
dh=get_dh512();
}
(void)BIO_flush(bio_s_out);
/* EAY EAY EAY evil hack */
dh=load_dh_param();
if (dh != NULL)
{
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
}
else
{
BIO_printf(bio_s_out,"Using default temp DH parameters\n");
dh=get_dh512();
}
(void)BIO_flush(bio_s_out);
SSL_CTX_set_tmp_dh(ctx,dh);
DH_free(dh);
SSL_CTX_set_tmp_dh(ctx,dh);
DH_free(dh);
}
#endif
if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
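Review bot: The `-no_dhe` branch in the argument parser and the `no_dhe` declaration are outside any `#ifndef NO_DH` guard, while the usage line and the only reader, `if (!no_dhe)`, are inside one, so a NO_DH build would apparently accept the flag silently and carry a set-but-unused variable; putting the declaration and the `else if (strcmp(*argv,"-no_dhe") == 0)` branch under the same guard keeps the three places consistent. The option is also absent from the commit title and the CHANGES entry, which describe only the s3_clnt.c leak fix, so it deserves its own CHANGES line. At `if (!no_dhe)` a comment such as `/* -no_dhe: install no temp DH parameters, leaving ephemeral DH unavailable */` would record the intent. The re-indented fallback still calls `get_dh512()`, which by its name supplies a 512-bit group, too small to protect a DHE exchange, so a larger default is worth a follow-up. MAIN starts and ends outside these hunks.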
......
......@@ -1336,6 +1336,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
goto err;
}
rsa=pkey->pkey.rsa;
EVP_PKEY_free(pkey);
}
tmp_buf[0]=s->client_version>>8;
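Review bot: `rsa` is a pointer borrowed from `pkey` (`rsa=pkey->pkey.rsa;`), and the added `EVP_PKEY_free(pkey);` on the next line releases the owner before `rsa` is used further down, so the code is only safe if another reference keeps the key alive. The hunk does not show where `pkey` comes from; if it is an extra reference to the key held by the peer certificate, a comment such as `/* drop our extra reference; the session's certificate keeps the key alive */` should say so, otherwise the free belongs after the last use of `rsa`. The `goto err` branch just above is also worth checking for whether it can be reached with a non-NULL `pkey`, which would still leak. ssl3_send_client_key_exchange continues outside the hunk.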
......