author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-13 13:44:36 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-13 19:02:02 +0900 |
commit | 91c1af869b7aa57a0bc08f1105aa874071902f7f (patch) | |
tree | b12a4b3a4b4a3bd538a8e9339fa21764ebe3e13d | |
parent | 442e14524a53d7016ac3593a5d973f95c340aff0 (diff) | |
download | ruby-openssl-91c1af869b7aa57a0bc08f1105aa874071902f7f.tar.gz |
ssl: fix memory leak in SSLContext#ecdh_curves=
SSL_CTX_set_tmp_ecdh() increments the reference counter of EC_KEY so we
must decrement with EC_KEY_free().
Fixes: fcb9b4a6b5c6 (openssl: add SSLContext#ecdh_curves=)
-rw-r--r-- | ext/openssl/ossl_ssl.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index a443c055..58c21425 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1088,7 +1088,11 @@ ossl_sslctx_set_ecdh_curves(VALUE self, VALUE arg)
 if (!ec)
 ossl_raise(eSSLError, NULL);
 EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
- SSL_CTX_set_tmp_ecdh(ctx, ec);
+ if (!SSL_CTX_set_tmp_ecdh(ctx, ec)) {
+ EC_KEY_free(ec);
+ ossl_raise(eSSLError, "SSL_CTX_set_tmp_ecdh");
+ }
+ EC_KEY_free(ec);
 # if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
 /* tmp_ecdh and ecdh_auto conflict. tmp_ecdh is ignored when ecdh_auto
 * is enabled. So disable ecdh_auto. */ |
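Review bot: `EC_KEY_free(ec)` is now written twice, once inside the failure branch and once after it, so the rule that this function always releases its own `ec` after `SSL_CTX_set_tmp_ecdh()` is spread over two paths and is easy to break when another branch is added. Capturing the result and releasing once keeps it in one place: `long ok = SSL_CTX_set_tmp_ecdh(ctx, ec);` then `EC_KEY_free(ec); /* ctx keeps what it needs; our reference is done */` then `if (!ok) ossl_raise(eSSLError, "SSL_CTX_set_tmp_ecdh");`. The added lines also start raising when the call fails, where the old line ignored the result and presumably left the context without the requested curve; the commit message only mentions the leak, so a short comment above the check would record that `ecdh_curves=` can now surface an SSLError here. ossl_sslctx_set_ecdh_curves begins and ends outside the hunk, so whether `ec` can be dropped without a free on another path is not visible from these lines.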