BUG/MINOR: ssl: fix memory leak in ssl_fc_crtname by using SSL_CTX ex_data index
authorWilliam Lallemand <wlallemand@haproxy.com>
Fri, 3 Apr 2026 08:58:48 +0000 (10:58 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Fri, 3 Apr 2026 09:00:36 +0000 (11:00 +0200)
The ssl_crtname_index was registered with SSL_get_ex_new_index() but the
certificate name is stored on a SSL_CTX object via SSL_CTX_set_ex_data().
The free callback is only invoked for the object type matching the index
registration, so the strdup'd name was never freed when the SSL_CTX was
released.

Fix this by using SSL_CTX_get_ex_new_index() instead, which ensures the
free callback fires when the SSL_CTX is destroyed.

No backport needed.

src/ssl_sock.c

index 5c410f2a8da4336dbf3339d287242616e2394e6c..3ebd1b0d6c729b695305998eedce74533c77ce08 100644 (file)
@@ -8506,7 +8506,7 @@ static void __ssl_sock_init(void)
 #endif
        ssl_client_crt_ref_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_clt_crt_free_func);
        ssl_client_sni_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_clt_sni_free_func);
-       ssl_crtname_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_free_crtname);
+       ssl_crtname_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_free_crtname);
 
 #if defined(USE_ENGINE) && !defined(OPENSSL_NO_ENGINE)
        ENGINE_load_builtin_engines();
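Review bot: Nothing at the changed assignment records that `ssl_crtname_index` is now an SSL_CTX-class ex_data index, while the two registrations on the lines directly above it are SSL-class indexes with an identical call shape; since an ex_data index is only meaningful within the class it was registered for, a later SSL_get_ex_data()/SSL_set_ex_data() call with this index would, as far as I can tell, address a slot in a different table and again bypass ssl_sock_free_crtname(). A one-line comment above the assignment would make the contract explicit: `/* SSL_CTX-class index: use only with SSL_CTX_{get,set}_ex_data(); the free callback releases the strdup'd name when the SSL_CTX is destroyed */`. The return value is still unchecked (the library reports failure as -1), which matches the neighbouring registrations but is worth a note since a failed registration would make the later SSL_CTX_set_ex_data() store fail silently. The body of __ssl_sock_init() continues outside the hunk.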