radius: Destroy MD context, causing leaks with OpenSSL >= 3.0 (#4898)

author Jorge Pereira <jpereira@users.noreply.github.com>

Mon, 20 Feb 2023 15:14:09 +0000 (12:14 -0300)

committer GitHub <noreply@github.com>

Mon, 20 Feb 2023 15:14:09 +0000 (09:14 -0600)
author Jorge Pereira <jpereira@users.noreply.github.com>
Mon, 20 Feb 2023 15:14:09 +0000 (12:14 -0300)
committer GitHub <noreply@github.com>
Mon, 20 Feb 2023 15:14:09 +0000 (09:14 -0600)
diff --git a/src/lib/radius.c b/src/lib/radius.c

index 524e68088e0397ec3edd727e2fd703161e6eba61..76737e456978525f1ac51c3c1768087280b4e3b7 100644 (file)
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -4862,6 +4862,8 @@ ssize_t rad_tunnel_pwdecode(uint8_t *passwd, size_t *pwlen, char const *secret,
                         reallen = passwd[2] ^ digest[0];
                         if (reallen > encrypted_len) {
                                 fr_strerror_printf("tunnel password is too long for the attribute");
+                               fr_md5_destroy(&old);
+                               fr_md5_destroy(&context);
                                 return -1;
                         }
author	Jorge Pereira <jpereira@users.noreply.github.com>
	Mon, 20 Feb 2023 15:14:09 +0000 (12:14 -0300)
committer	GitHub <noreply@github.com>
	Mon, 20 Feb 2023 15:14:09 +0000 (09:14 -0600)