From: Jan Kaluža <jkaluza@apache.org>
Date: Fri, 13 Mar 2015 07:32:46 +0000 (+0000)
Subject: * mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35ae2e259e42540a782753feb6de5a6d8099784a;p=thirdparty%2Fapache%2Fhttpd.git

* mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used.
SSL_CTX_set_tmp_ecdh increases reference count, so we have to call EC_KEY_free,
otherwise eckey will not be freed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1666363 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index b44e01f1c27..728ee016936 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -982,7 +982,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
 #ifdef HAVE_ECC
     EC_GROUP *ecparams;
     int nid;
-    EC_KEY *eckey;
+    EC_KEY *eckey = NULL;
 #endif
 #ifndef HAVE_SSL_CONF_CMD
     SSL *ssl;
@@ -1151,10 +1151,11 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
 #if defined(SSL_CTX_set_ecdh_auto)
         SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
 #else
-        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
-                             EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+        eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
 #endif
     }
+    EC_KEY_free(eckey);
 #endif
 
     return APR_SUCCESS;