Yup, looks like a possible leak to me as well. I just applied a fix to 0.9.7 (in
beta) and 0.9.8 (in development).
This ticket is now resolved.
[[EMAIL PROTECTED] - Sat Dec 21 20:37:42 2002]:
> Hi Bug Folks!
>
> I think I found one in ssl23_connect() in ssl23_clnt.c. I'm not sure if
> this is the problem I've been trying to fix or not but it is potentially
> dangerous. Here's the code:
>
>     ...
>     if ((buf=BUF_MEM_new()) == NULL)
>         {
>         ret= -1;
>         goto end;
>         }
>     if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
>         {
>         ret= -1;
>         goto end;
>         }
>     ...
>
> The stack pointer "buf" never gets freed if "BUF_MEM_grow()" fails.
> The same coding error exists in s2_clnt.c ssl2_connect() and in
> s3_clnt.c ssl3_connect().
>
> Please let me know if there's anything I can do for you,
>
> Mark P. Peterson - Vice President
> http://www.RhinoSoft.com
> Voice: +1(262) 560-9627
> FAX: +1(262) 560-9628
>
--
Richard Levitte
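
The leak pattern reported above, reproduced as an added example that is not part of this thread or of the OpenSSL sources. buf_new/buf_grow/buf_free, live_bufs and fail_grow are hypothetical stand-ins for the BUF_MEM calls, and the corrected function shows one possible cleanup, not the fix that was committed (the thread does not show it).

```c
#include <stdlib.h>

/* Hypothetical stand-ins for BUF_MEM_new/grow/free that count live buffers. */
typedef struct { size_t length, max; char *data; } buf_mem;
static int live_bufs = 0, fail_grow = 0;  /* fail_grow simulates out-of-memory */

buf_mem *buf_new(void) {
    buf_mem *b = calloc(1, sizeof(*b));
    if (b != NULL) live_bufs++;
    return b;
}
int buf_grow(buf_mem *b, size_t len) {
    char *p = fail_grow ? NULL : realloc(b->data, len);
    if (p == NULL) return 0;
    b->data = p; b->length = b->max = len;
    return 1;
}
void buf_free(buf_mem *b) {
    if (b != NULL) { free(b->data); free(b); live_bufs--; }
}

/* Pattern from the report: the grow-failure path reaches "end" with buf
 * still allocated and nothing left pointing at it. */
int connect_setup_leaky(buf_mem **init_buf) {
    buf_mem *buf;
    int ret = 1;
    if ((buf = buf_new()) == NULL) { ret = -1; goto end; }
    if (!buf_grow(buf, 16384)) { ret = -1; goto end; }  /* buf is lost here */
    *init_buf = buf;  /* assumed: the connection state takes ownership */
end:
    return ret;
}

/* One possible correction (an assumption): free whatever the local still
 * owns at "end", and clear the local once ownership has moved. */
int connect_setup_fixed(buf_mem **init_buf) {
    buf_mem *buf = NULL;
    int ret = 1;
    if ((buf = buf_new()) == NULL) { ret = -1; goto end; }
    if (!buf_grow(buf, 16384)) { ret = -1; goto end; }
    *init_buf = buf;
    buf = NULL;  /* ownership transferred; nothing left to free */
end:
    buf_free(buf);  /* no-op when buf is NULL */
    return ret;
}
```

With fail_grow set, live_bufs stays one higher after connect_setup_leaky() returns -1, while connect_setup_fixed() leaves it unchanged.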