authorBodo Möller <bodo@openssl.org>1999-07-12 17:15:42 +0000
committerBodo Möller <bodo@openssl.org>1999-07-12 17:15:42 +0000
commit5059658219465c2e3e15f45c5ca3a0d251cd5fba (patch)
treea1a575b60ee0d4833864a2482a2619393d362a9e
parentd9f0016bc57ac680d30aa1f32c9aef91acfe5aa4 (diff)
fix memory leak in s3_clnt.c
-rw-r--r--CHANGES6
-rw-r--r--apps/s_server.c36
-rw-r--r--ssl/s3_clnt.c1
3 files changed, 29 insertions, 14 deletions
diff --git a/CHANGES b/CHANGES
index d64db581f2..fbdd510da5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
Changes between 0.9.3a and 0.9.4
+ *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+ without temporary keys kept an extra copy of the server key,
+ and connections with temporary keys did not free everything in case
+ of an error.
+ [Bodo Moeller]
+
*) New function RSA_check_key and new openssl rsa option -check
for verifying the consistency of RSA keys.
[Ulf Moeller, Bodo Moeller]
diff --git a/apps/s_server.c b/apps/s_server.c
index c82c0f33d8..4b932baac2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -226,6 +226,9 @@ static void sv_usage(void)
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
+#ifndef NO_DH
+ BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
+#endif
BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
@@ -393,7 +396,7 @@ int MAIN(int argc, char *argv[])
int badop=0,bugs=0;
int ret=1;
int off=0;
- int no_tmp_rsa=0,nocert=0;
+ int no_tmp_rsa=0,no_dhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
#ifndef NO_DH
@@ -518,6 +521,8 @@ int MAIN(int argc, char *argv[])
{ bugs=1; }
else if (strcmp(*argv,"-no_tmp_rsa") == 0)
{ no_tmp_rsa=1; }
+ else if (strcmp(*argv,"-no_dhe") == 0)
+ { no_dhe=1; }
else if (strcmp(*argv,"-www") == 0)
{ www=1; }
else if (strcmp(*argv,"-WWW") == 0)
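Review bot: The `-no_dhe` branch is parsed unconditionally here, and `no_dhe` is declared outside the `#ifndef NO_DH` block in the previous hunk, yet the only read of it (`if (!no_dhe)`) and the usage line in sv_usage are both inside `#ifndef NO_DH`. In a NO_DH build the option would then be accepted silently and the variable set but never read, assuming this part of the option chain is not guarded further up in MAIN, which the hunk does not show. Putting the two added lines between `#ifndef NO_DH` and `#endif` would keep parsing consistent with the help text.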
@@ -620,21 +625,24 @@ bad:
}
#ifndef NO_DH
- /* EAY EAY EAY evil hack */
- dh=load_dh_param();
- if (dh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
- }
- else
+ if (!no_dhe)
{
- BIO_printf(bio_s_out,"Using default temp DH parameters\n");
- dh=get_dh512();
- }
- (void)BIO_flush(bio_s_out);
+ /* EAY EAY EAY evil hack */
+ dh=load_dh_param();
+ if (dh != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+ dh=get_dh512();
+ }
+ (void)BIO_flush(bio_s_out);
- SSL_CTX_set_tmp_dh(ctx,dh);
- DH_free(dh);
+ SSL_CTX_set_tmp_dh(ctx,dh);
+ DH_free(dh);
+ }
#endif
if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
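Review bot: Inside the new `if (!no_dhe)` block, the fallback `dh=get_dh512();` goes straight into `SSL_CTX_set_tmp_dh(ctx,dh)` with no NULL check, and the call's result is discarded. If building or installing the parameters fails, the server keeps running without the ephemeral DH the operator expects and prints nothing; a guard such as `if (dh == NULL || !SSL_CTX_set_tmp_dh(ctx,dh))` that reports the error and leaves the way the surrounding failure paths do would close that. The fallback is also taken whenever `load_dh_param()` returns NULL, and the helper's name suggests a 512-bit group, so the "Using default temp DH parameters" message should state the size so that a weak group is visible in the server output. MAIN starts and ends outside this hunk.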
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1f4e3239aa..d3e6b4d1e5 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1336,6 +1336,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
goto err;
}
rsa=pkey->pkey.rsa;
+ EVP_PKEY_free(pkey);
}
tmp_buf[0]=s->client_version>>8;
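Review bot: After the added `EVP_PKEY_free(pkey);`, `rsa` still points at `pkey->pkey.rsa`, so every later use of `rsa` in ssl3_send_client_key_exchange depends on another holder keeping the same EVP_PKEY alive. That presumably holds because the key comes from the peer certificate, which would keep its own reference, but the hunk does not show where `pkey` is obtained, so the assumption should be written next to the free: `/* rsa is borrowed from the peer certificate's key; this only drops our reference */`. The `goto err;` above the assignment leaves before the free, so if that check can fail with a non-NULL `pkey` the reference still leaks on that path; the check itself begins outside the hunk.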