From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon, 11 Sep 2023 10:26:46 +0000 (+0200)
Subject: Fix memory leaks in ssl_old_test.c
X-Git-Tag: openssl-3.2.0-alpha2~81
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=21f0b80cd4b32ba80843b812b01a6056daf14093;p=thirdparty%2Fopenssl.git

Fix memory leaks in ssl_old_test.c

This fixes a few memory leaks reported in #22049.

If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key
due to security restrictions (even when @SECLEVEL=0 is used!)
then the caller has to delete the PKEY object.
That is different to how the deprecated
SSL_CTX_set_tmp_dh_pkey was designed to work.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22060)
---

diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 21834b1a363..fe168472d30 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -1535,8 +1535,10 @@ int main(int argc, char *argv[])
             ERR_print_errors(bio_err);
             goto end;
         }
-        SSL_CTX_set0_tmp_dh_pkey(s_ctx, dhpkey);
-        SSL_CTX_set0_tmp_dh_pkey(s_ctx2, dhpkey);
+        if (!SSL_CTX_set0_tmp_dh_pkey(s_ctx, dhpkey))
+            EVP_PKEY_free(dhpkey);
+        if (!SSL_CTX_set0_tmp_dh_pkey(s_ctx2, dhpkey))
+            EVP_PKEY_free(dhpkey);
     }
 #endif