mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used.
authorWilliam A. Rowe Jr <wrowe@apache.org>
Wed, 27 May 2015 16:33:10 +0000 (16:33 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Wed, 27 May 2015 16:33:10 +0000 (16:33 +0000)
SSL_CTX_set_tmp_ecdh increases reference count, so we have to call
EC_KEY_free, otherwise eckey will not be freed.

Backports: r1666363
Author: jkaluza
Reviewed by: rjung, ylavic, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682074 13f79535-47bb-0310-9956-ffa450edef68

STATUS
modules/ssl/ssl_engine_init.c

diff --git a/STATUS b/STATUS
index 71a0d56b70ae96591176789adcf36577b3604150..ce9eb76eece2c7c934045eedd95f8b71b9bf90db 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -105,13 +105,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used.
-     SSL_CTX_set_tmp_ecdh increases reference count, so we have to call
-     EC_KEY_free, otherwise eckey will not be freed.
-     trunk patch: http://svn.apache.org/r1666363
-     2.4.x patch: http://people.apache.org/~rjung/patches/httpd-2.4.x-free-eckey.patch
-     +1: rjung, ylavic, wrowe
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
index 46e022c3defa8c6b9ba9df678479ddbd4cae4b29..6baf2f514dc7f2fe3933608e8a773d76bcc28e5a 100644 (file)
@@ -960,7 +960,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
 #ifdef HAVE_ECC
     EC_GROUP *ecparams;
     int nid;
-    EC_KEY *eckey;
+    EC_KEY *eckey = NULL;
 #endif
 #ifndef HAVE_SSL_CONF_CMD
     SSL *ssl;
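Review bot: The `= NULL` initialiser on `eckey` is load-bearing and deserves a comment, because the `EC_KEY_free(eckey);` added in the later hunk sits after the closing brace of the preceding block and so appears to run on every path. It is only well defined if `eckey` is NULL whenever no key was created. A comment such as `/* NULL unless a curve key is created below; freed unconditionally before the closing #endif */` would keep a later cleanup from dropping the initialiser. `ecparams`, declared two lines above, is still uninitialised; whether it is also an owned object that needs releasing cannot be told from here, since ssl_init_server_certs continues well outside this hunk.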
@@ -1133,6 +1133,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
                              EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
 #endif
     }
+    EC_KEY_free(eckey);
 #endif
 
     return APR_SUCCESS;
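Review bot: The fallback branch just above the added `EC_KEY_free(eckey);` still passes the result of `EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)` directly as a call argument, so that key is never stored in `eckey` and the new free cannot release it. The call starts outside the hunk; if it is `SSL_CTX_set_tmp_ecdh`, as the commit message suggests, this branch leaks for the same reference-count reason as the path being fixed. A NULL return from the allocator would also be handed on unchecked. Assigning first, `eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);`, and then passing `eckey` to the call would let the single free cover both branches.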