From: Roberto Guimaraes <rguimaraes@fastly.com>
Date: Sat, 11 Jun 2016 22:58:10 +0000 (-0700)
Subject: BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
X-Git-Tag: v1.7-dev4~77
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ea4c23ca754c3e6c005b67403a0619ca17d4587;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()

Valgrind reports that the memory allocated in ssl_get_dh_1024() was leaking. Upon further inspection of openssl code, it seems that SSL_CTX_set_tmp_dh makes a copy of the data, so calling DH_free afterwards makes sense.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0d35c298dc..378fddc1c4 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1643,6 +1643,7 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
 				goto end;
 
 			SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
+			DH_free(local_dh_1024);
 		}
 		else {
 			SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);