authorjsing <jsing@openbsd.org>2018-02-08 08:04:12 +0000
committerjsing <jsing@openbsd.org>2018-02-08 08:04:12 +0000
commit0a095d8f0f0df1f9584da7e66ba117bebc6564b6 (patch)
tree9c702c6a78fc36e9391d2bebb2191e59548e4592
parentAssert tedu's copyright since some of the code moved here is his. (diff)
Avoid a memory leak that results when the same tls_config is reused.
Reported by and fix from Nate Bessette <openbsd at nate dot sh> - thanks.
-rw-r--r--lib/libtls/tls.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index f07c4c6deb0..95fdb8bc4b9 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.71 2017/09/20 17:05:17 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.72 2018/02/08 08:04:12 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -269,7 +269,9 @@ tls_cert_hash(X509 *cert, char **hash)
char d[EVP_MAX_MD_SIZE], *dhex = NULL;
int dlen, rv = -1;
+ free(*hash);
*hash = NULL;
+
if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
goto err;
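Review bot: The added `free(*hash);` in tls_cert_hash makes it a precondition that `*hash` is either NULL or a live heap pointer on entry, and nothing in the hunk documents that. A caller that passes the address of an uninitialised `char *`, or of a pointer already freed elsewhere, would now reach an invalid or double free; the callers are not visible on this page, so whether any do cannot be confirmed from here. I would record the contract above the function, for example `/* On entry *hash must be NULL or heap-allocated; any previous value is freed. */`. The same applies to the identical line added in tls_keypair_pubkey_hash. Both function bodies start and end outside their hunks.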
@@ -296,6 +298,7 @@ tls_keypair_pubkey_hash(struct tls_keypair *keypair, char **hash)
char d[EVP_MAX_MD_SIZE], *dhex = NULL;
int dlen, rv = -1;
+ free(*hash);
*hash = NULL;
if ((membio = BIO_new_mem_buf(keypair->cert_mem,