On Thu, Dec 10, 2015 at 03:19:54PM +0100, Kurt Roeckx wrote: > On Thu, Dec 10, 2015 at 01:27:38PM +0100, Kurt Roeckx wrote: > > On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote: > > > On Mon, Dec 07, 2015 at 03:47:56PM +0000, Michel via RT wrote: > > > > Hi, > > > > > > > > Following my previous mail, here attached is an updated patch against > > > > 1.02e > > > > to fix the SRP VBASE memory leaks. > > > > > > Can you confirm that this would be the correct patch for master? > > > > The following patch should at least compile. > > I fixed a few more things, cleaned up some things. New patch > attached.
I think there is something wrong with new SRP_gN_free(). You now also free g and N, and it's not clear to me who the owner of those is. I think the cache is, in which case we should not free them. I think the cache also isn't cleared, we should probably call SRP_VBASE_free() when SRP_VBASE_init() fails. Kurt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
