[openssl-commits] [openssl] master update

2018-08-29 Thread yang . yang 
The branch master has been updated
   via  67afcfd35b9b429493947594becf4e269bcd1a5b (commit)
   via  c2cb1a18e00fc0a9a44d9a83134e3d3b1bfb7454 (commit)
  from  307a494e5b01ff9f334a8242d31b8254c7c54baa (commit)


- Log -
commit 67afcfd35b9b429493947594becf4e269bcd1a5b
Author: Matt Caswell 
Date:   Mon Aug 27 15:04:28 2018 +0100

Free SSL object on an error path

Thanks to @fangang190 for reporting this

Fixes #7061

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/7065)

commit c2cb1a18e00fc0a9a44d9a83134e3d3b1bfb7454
Author: Matt Caswell 
Date:   Mon Aug 27 14:52:09 2018 +0100

Fix a mem leak on error in the PSK code

Thanks to @fangang190 for reporting this issue.

Fixes #7060

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/7065)

---

Summary of changes:
 apps/s_server.c | 8 ++--
 ssl/s3_lib.c| 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 94c1826..e3bb1a6 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2968,8 +2968,10 @@ static int www_body(int s, int stype, int prot, unsigned 
char *context)
 
 if (context != NULL
 && !SSL_set_session_id_context(con, context,
-   strlen((char *)context)))
+   strlen((char *)context))) {
+SSL_free(con);
 goto err;
+}
 
 sbio = BIO_new_socket(s, BIO_NOCLOSE);
 if (s_nbio_test) {
@@ -2981,7 +2983,7 @@ static int www_body(int s, int stype, int prot, unsigned 
char *context)
 SSL_set_bio(con, sbio, sbio);
 SSL_set_accept_state(con);
 
-/* SSL_set_fd(con,s); */
+/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
 BIO_push(io, ssl_bio);
 #ifdef CHARSET_EBCDIC
@@ -3337,6 +3339,7 @@ static int rev_body(int s, int stype, int prot, unsigned 
char *context)
 if (context != NULL
 && !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
+SSL_free(con);
 ERR_print_errors(bio_err);
 goto err;
 }
@@ -3345,6 +3348,7 @@ static int rev_body(int s, int stype, int prot, unsigned 
char *context)
 SSL_set_bio(con, sbio, sbio);
 SSL_set_accept_state(con);
 
+/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
 BIO_push(io, ssl_bio);
 #ifdef CHARSET_EBCDIC
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 5ecbc3c..7713f76 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4621,6 +4621,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char 
*pms, size_t pmslen,
 if (!s->method->ssl3_enc->generate_master_secret(s,
 s->session->master_key,pskpms, pskpmslen,
 >session->master_key_length)) {
+OPENSSL_clear_free(pskpms, pskpmslen);
 /* SSLfatal() already called */
 goto err;
 }
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-08-29 Thread yang . yang 
The branch OpenSSL_1_1_0-stable has been updated
   via  521637702fa7bee89cb598fe9b1ba7ff0f60 (commit)
  from  73bebc17a14da5278b01416b39e5c28a7d0c1861 (commit)


- Log -
commit 521637702fa7bee89cb598fe9b1ba7ff0f60
Author: Matt Caswell 
Date:   Mon Aug 27 15:04:28 2018 +0100

Free SSL object on an error path

Thanks to @fangang190 for reporting this

Fixes #7061

Reviewed-by: Paul Yang 
(Merged from https://github.com/openssl/openssl/pull/7065)

---

Summary of changes:
 apps/s_server.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index e8aa323..8629833 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2660,8 +2660,10 @@ static int www_body(int s, int stype, unsigned char 
*context)
 
 if (context
 && !SSL_set_session_id_context(con, context,
-   strlen((char *)context)))
+   strlen((char *)context))) {
+SSL_free(con);
 goto err;
+}
 
 sbio = BIO_new_socket(s, BIO_NOCLOSE);
 if (s_nbio_test) {
@@ -2673,7 +2675,7 @@ static int www_body(int s, int stype, unsigned char 
*context)
 SSL_set_bio(con, sbio, sbio);
 SSL_set_accept_state(con);
 
-/* SSL_set_fd(con,s); */
+/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
 BIO_push(io, ssl_bio);
 #ifdef CHARSET_EBCDIC
@@ -3030,6 +3032,7 @@ static int rev_body(int s, int stype, unsigned char 
*context)
 if (context
 && !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
+SSL_free(con);
 ERR_print_errors(bio_err);
 goto err;
 }
@@ -3038,6 +3041,7 @@ static int rev_body(int s, int stype, unsigned char 
*context)
 SSL_set_bio(con, sbio, sbio);
 SSL_set_accept_state(con);
 
+/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
 BIO_push(io, ssl_bio);
 #ifdef CHARSET_EBCDIC
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits