From: Remi Gacogne
Date: Sat, 2 Jul 2016 14:26:10 +0000 (+0200)
Subject: BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
X-Git-Tag: v1.7-dev4~41
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c7e12637df094630c4d39ed9457d8b927023e75d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()

Roberto Guimaraes reported that Valgrind complains about a leak in ssl_get_dh_1024(). This is caused by an oversight in ssl_sock_load_dh_params(), where local_dh_1024 is always replaced by a new DH object even if it already holds one. This patch simply checks whether local_dh_1024 is NULL before calling ssl_get_dh_1024().

--- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index f24761822f..e5a6f0a561 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1638,7 +1638,9 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file) if (global.tune.ssl_default_dh_param <= 1024) { /* we are limited to DH parameter of 1024 bits anyway */ - local_dh_1024 = ssl_get_dh_1024(); + if (local_dh_1024 == NULL) + local_dh_1024 = ssl_get_dh_1024(); + if (local_dh_1024 == NULL) goto end;
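
Review bot: the two back-to-back `local_dh_1024 == NULL` tests in the `ssl_default_dh_param <= 1024` branch read as a duplicated condition; nesting the failure check inside the first `if` (allocate, then `goto end` only if that allocation returned NULL) would make it clear that the second test exists solely to catch a failed `ssl_get_dh_1024()` call. Since the guard only makes sense if `local_dh_1024` survives across calls, a one-line comment stating that it is a cached object reused by later invocations would document the intent. It is also worth confirming that nothing reached via the `end` label frees `local_dh_1024`, which this hunk does not show, because with this change a later call would reuse the stored pointer instead of replacing it.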