subject:"\[openssl\-dev\] \[openssl.org #4197\] \[PATCH\] Memory leak in state machine in error path"

[openssl-dev] [openssl.org #4197] [PATCH] Memory leak in state machine in error path

2015-12-23 Thread Matt Caswell via RT

On Tue Dec 22 17:02:07 2015, tsh...@akamai.com wrote:
> Hello OpenSSL org:
>
> I found the following issue via code inspection. In
> tls_process_client_key_exchange(), when EC is disabled, and an error
> occurs in ssl_generate_master_secret() or RAND_bytes(), the error path
> does not free rsa_decrypt.


Patch applied. Many thanks.

Matt

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4197] [PATCH] Memory leak in state machine in error path

2015-12-22 Thread Short, Todd via RT

Hello OpenSSL org:

I found the following issue via code inspection. In 
tls_process_client_key_exchange(), when EC is disabled, and an error occurs in 
ssl_generate_master_secret() or RAND_bytes(), the error path does not free 
rsa_decrypt.

Note that rsa_decrypt is not conditionally defined by OPENSSL_NO_RSA, so I did 
not wrap the free with that conditional.
--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."



0001-Memory-leak-in-state-machine-in-error-path.patch
Description: Binary data
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4197] [PATCH] Memory leak in state machine in error path

[openssl-dev] [openssl.org #4197] [PATCH] Memory leak in state machine in error path

2 matches

Site Navigation

Mail list logo

Footer information