subject:"\[openssl\-dev\] \[openssl.org #4197\] \[PATCH\] Memory leak in state machine in error path"

[openssl-dev] [openssl.org #4197] [PATCH] Memory leak in state machine in error path

2015-12-23 Thread Matt Caswell via RT

On Tue Dec 22 17:02:07 2015, tsh...@akamai.com wrote: > Hello OpenSSL org: > > I found the following issue via code inspection. In > tls_process_client_key_exchange(), when EC is disabled, and an error > occurs in ssl_generate_master_secret() or RAND_bytes(), the error path > does not free rsa_decr

[openssl-dev] [openssl.org #4197] [PATCH] Memory leak in state machine in error path

2015-12-22 Thread Short, Todd via RT

Hello OpenSSL org: I found the following issue via code inspection. In tls_process_client_key_exchange(), when EC is disabled, and an error occurs in ssl_generate_master_secret() or RAND_bytes(), the error path does not free rsa_decrypt. Note that rsa_decrypt is not conditionally defined by OP