> -----Original Message-----
> From: Christophe Jaillet <[email protected]>
> Sent: Saturday, 30 June 2018 14:08
> To: [email protected]
> Subject: Re: svn commit: r1682074 - in /httpd/httpd/branches/2.4.x: ./ STATUS modules/ssl/ssl_engine_init.c
>
> On 27/05/2015 at 18:33, [email protected] wrote:
> > Author: wrowe
> > Date: Wed May 27 16:33:10 2015
> > New Revision: 1682074
> >
> > URL: http://svn.apache.org/r1682074
> > Log:
> > mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used.
> > SSL_CTX_set_tmp_ecdh increases reference count, so we have to call
> > EC_KEY_free, otherwise eckey will not be freed.
> >
> > Backports: r1666363
> > Author: jkaluza
> > Reviewed by: rjung, ylavic, wrowe
> >
>
> Hi,
>
> This backport looks incomplete.
>
> In the original patch (r1666363) we have:
> @@ -1151,10 +1151,11 @@
> #if defined(SSL_CTX_set_ecdh_auto)
> SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
> #else
> - SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
> -
> EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
> + eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
> + SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
>
> which is not in the backported code. (neither in the .patch file, nor in
> the backport itself)
>
> Was it intentional or should the missing part be also backported?
> My feeling is that it should be merged.
I agree that this part should be merged as well.

Regards

Rüdiger
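Review bot: in the #else branch of the quoted r1666363 hunk, the result of EC_KEY_new_by_curve_name(NID_X9_62_prime256v1) is stored in eckey and handed straight to SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey) with no NULL check, so an allocation failure goes unnoticed at this point; a check and an error log before the call would make that case visible. The excerpt also ends before any EC_KEY_free(eckey), which the commit log says is required because SSL_CTX_set_tmp_ecdh takes its own reference. When merging this part into 2.4.x, confirm that the free sits inside the same #else branch as the assignment, so that the SSL_CTX_set_ecdh_auto path never frees an eckey it did not set.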
