authorKazuki Yamaguchi <k@rhe.jp>2016-08-13 13:44:36 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-08-13 19:02:02 +0900
commit91c1af869b7aa57a0bc08f1105aa874071902f7f (patch)
treeb12a4b3a4b4a3bd538a8e9339fa21764ebe3e13d
parent442e14524a53d7016ac3593a5d973f95c340aff0 (diff)
downloadruby-openssl-91c1af869b7aa57a0bc08f1105aa874071902f7f.tar.gz
ssl: fix memory leak in SSLContext#ecdh_curves=
SSL_CTX_set_tmp_ecdh() increments the reference counter of EC_KEY so we must decrement with EC_KEY_free(). Fixes: fcb9b4a6b5c6 (openssl: add SSLContext#ecdh_curves=)
-rw-r--r--ext/openssl/ossl_ssl.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index a443c055..58c21425 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1088,7 +1088,11 @@ ossl_sslctx_set_ecdh_curves(VALUE self, VALUE arg)
if (!ec)
ossl_raise(eSSLError, NULL);
EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
- SSL_CTX_set_tmp_ecdh(ctx, ec);
+ if (!SSL_CTX_set_tmp_ecdh(ctx, ec)) {
+ EC_KEY_free(ec);
+ ossl_raise(eSSLError, "SSL_CTX_set_tmp_ecdh");
+ }
+ EC_KEY_free(ec);
# if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
/* tmp_ecdh and ecdh_auto conflict. tmp_ecdh is ignored when ecdh_auto
* is enabled. So disable ecdh_auto. */
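Review bot: The release of `ec` is now written twice, once inside the failure branch and once after it, so a later edit that adds another exit between the two can reintroduce the leak this commit fixes. Since `ossl_raise()` appears not to return (the earlier `if (!ec) ossl_raise(eSSLError, NULL);` relies on that), the free has to come before it; capturing the result keeps one release point: `ok = SSL_CTX_set_tmp_ecdh(ctx, ec);` `EC_KEY_free(ec);` `if (!ok) ossl_raise(eSSLError, "SSL_CTX_set_tmp_ecdh");`. That needs an `int ok;` declared with the function's other locals, which are outside this hunk. A short comment such as `/* ctx keeps its own reference/copy; we still own ec and must free it before raising */` would record why the free precedes the raise. The body of `ossl_sslctx_set_ecdh_curves` starts and ends outside the hunk, so the paths before these lines are not reviewed here.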