The branch master has been updated via 0618b62ca2a9c5fb7bf8421deabaee240c709040 (commit) from 06e62984c1e7cee5e50211dfb9a89d5095799133 (commit)
- Log ----------------------------------------------------------------- commit 0618b62ca2a9c5fb7bf8421deabaee240c709040 Author: Matt Caswell <m...@openssl.org> Date: Wed Feb 12 11:55:30 2020 +0000 Fix a mem leak in libssl Make sure we free up any ENGINE references after we have finished using them. Fixes #11064 Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11070) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 08fcd83ea7..23101954ec 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -5849,12 +5849,17 @@ const EVP_CIPHER *ssl_evp_cipher_fetch(OPENSSL_CTX *libctx, const char *properties) { #ifndef OPENSSL_NO_ENGINE + ENGINE *eng; + /* * If there is an Engine available for this cipher we use the "implicit" * form to ensure we use that engine later. */ - if (ENGINE_get_cipher_engine(nid) != NULL) + eng = ENGINE_get_cipher_engine(nid); + if (eng != NULL) { + ENGINE_finish(eng); return EVP_get_cipherbynid(nid); + } #endif /* Otherwise we do an explicit fetch */ @@ -5894,12 +5899,17 @@ const EVP_MD *ssl_evp_md_fetch(OPENSSL_CTX *libctx, const char *properties) { #ifndef OPENSSL_NO_ENGINE + ENGINE *eng; + /* * If there is an Engine available for this digest we use the "implicit" * form to ensure we use that engine later. */ - if (ENGINE_get_digest_engine(nid) != NULL) + eng = ENGINE_get_digest_engine(nid); + if (eng != NULL) { + ENGINE_finish(eng); return EVP_get_digestbynid(nid); + } #endif /* Otherwise we do an explicit fetch */