From: William A. Rowe Jr Date: Wed, 27 May 2015 16:33:10 +0000 (+0000) Subject: mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used. X-Git-Tag: 2.4.13~31 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fb5c0d5f14fff02062d377241dd7fc44d0b2e809;p=apache mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used. SSL_CTX_set_tmp_ecdh increases reference count, so we have to call EC_KEY_free, otherwise eckey will not be freed. Backports: r1666363 Author: jkaluza Reviewed by: rjung, ylavic, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682074 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 71a0d56b70..ce9eb76eec 100644 --- a/STATUS +++ b/STATUS @@ -105,13 +105,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used. - SSL_CTX_set_tmp_ecdh increases reference count, so we have to call - EC_KEY_free, otherwise eckey will not be freed. - trunk patch: http://svn.apache.org/r1666363 - 2.4.x patch: http://people.apache.org/~rjung/patches/httpd-2.4.x-free-eckey.patch - +1: rjung, ylavic, wrowe - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 46e022c3de..6baf2f514d 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -960,7 +960,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s, #ifdef HAVE_ECC EC_GROUP *ecparams; int nid; - EC_KEY *eckey; + EC_KEY *eckey = NULL; #endif #ifndef HAVE_SSL_CONF_CMD SSL *ssl; @@ -1133,6 +1133,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); #endif } + EC_KEY_free(eckey); #endif return APR_SUCCESS;