ssl_cert_dup looks to me as if it leaks memory when some allocations fail. In this shortened version, consider what happens when `EC_KEY_dup(cert->ecdh_tmp)` fails. As far as I can see, `ret` leaks whenever a `goto err;` happens.
CERT *ssl_cert_dup(CERT *cert)
{
CERT *ret;
int i;
ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
[...]
#ifndef OPENSSL_NO_ECDH
if (cert->ecdh_tmp)
{
ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
if (ret->ecdh_tmp == NULL)
{
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
goto err;
}
}
ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
#endif
[...]
return(ret);
[...]
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
#endif
#ifndef OPENSSL_NO_RSA
if (ret->rsa_tmp != NULL)
RSA_free(ret->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
if (ret->dh_tmp != NULL)
DH_free(ret->dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
if (ret->ecdh_tmp != NULL)
EC_KEY_free(ret->ecdh_tmp);
#endif
for (i = 0; i < SSL_PKEY_NUM; i++)
{
if (ret->pkeys[i].x509 != NULL)
X509_free(ret->pkeys[i].x509);
if (ret->pkeys[i].privatekey != NULL)
EVP_PKEY_free(ret->pkeys[i].privatekey);
}
return NULL;
}
signature.asc
Description: Digital signature
