At ssl_lib.c:331, SSL_new() allocates s->param:

        s->param = X509_VERIFY_PARAM_new();
        if (!s->param)
                goto err;
        X509_VERIFY_PARAM_inherit(s->param, ctx->param);

Later in the function, s->method->ssl_new() is called:

        if (!s->method->ssl_new(s))
                goto err;

If ssl_new() fails, the code jumps to the "err" label. The code after the "err" 
label does not free s->param, resulting in a memory leak:

err:
        if (s != NULL)
                {
                if (s->cert != NULL)
                        ssl_cert_free(s->cert);
                if (s->ctx != NULL)
                        SSL_CTX_free(s->ctx); /* decrement reference count */
                OPENSSL_free(s);
                }
        SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
        return(NULL);

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
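
An added illustration of the error-path leak reported above (not OpenSSL code and not part of the original post): a miniature constructor with the same goto-err shape, run with a cleanup that omits one member and with a corrected one, using a counting allocator to show the difference. All names here (struct conn, xalloc, method_new, cleanup_leaky, cleanup_fixed) are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for illustration; not OpenSSL's definitions. */
struct param { int flags; };
struct conn { struct param *param; void *cert; };

static int live_allocs; /* outstanding allocations, used to detect the leak */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical method hook that always fails, forcing the error path. */
static int method_new(struct conn *s) { (void)s; return 0; }

/* Same shape as the reported err: block: s->param is never released. */
static void cleanup_leaky(struct conn *s) { xfree(s->cert); xfree(s); }
/* Corrected: release every member allocated before the failure point. */
static void cleanup_fixed(struct conn *s) { xfree(s->param); xfree(s->cert); xfree(s); }

static struct conn *conn_new(void (*cleanup)(struct conn *))
{
    struct conn *s = xalloc(sizeof(*s));
    if (s == NULL) goto err;
    if ((s->cert = xalloc(16)) == NULL) goto err;
    if ((s->param = xalloc(sizeof(*s->param))) == NULL) goto err;
    if (!method_new(s)) goto err;   /* late failure: param is already allocated */
    return s;
err:
    if (s != NULL) cleanup(s);      /* calloc zeroed s, so unset members are NULL */
    return NULL;
}

/* Number of allocations left behind by one failed construction (-1 if it succeeded). */
static int leaked_after_failure(void (*cleanup)(struct conn *))
{
    int before = live_allocs;
    struct conn *s = conn_new(cleanup);
    return s == NULL ? live_allocs - before : -1;
}

int main(void)
{
    printf("leaky cleanup: %d allocation(s) leaked\n", leaked_after_failure(cleanup_leaky));
    printf("fixed cleanup: %d allocation(s) leaked\n", leaked_after_failure(cleanup_fixed));
    return 0;
}
```

Each failed call through the leaky cleanup leaves one allocation behind, so a caller that can trigger the failure repeatedly grows the process's memory without bound.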
