From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Thu, 3 Nov 2022 14:16:47 +0000 (+0100)
Subject: BUG/MINOR: ssl: Memory leak of DH BIGNUM fields
X-Git-Tag: v2.7-dev9~120
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a2c21db155f52089b9474e9a13a8b270f55301b7;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Memory leak of DH BIGNUM fields

When running HAProxy with OpenSSLv3, the two BIGNUMs used to build our
own DH parameters are not freed. It was not necessary previously because
ownership of those parameters was transferred to OpenSSL through the
DH_set0_pqg call.

This patch should be backported to 2.6.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6b38d4031b..2f76bb9866 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3073,6 +3073,8 @@ end:
 	EVP_PKEY_CTX_free(ctx);
 	OSSL_PARAM_free(params);
 	OSSL_PARAM_BLD_free(tmpl);
+	BN_free(p);
+	BN_free(g);
 	return pkey;
 #else