From: Joe Orton
Date: Thu, 7 Jul 2016 15:51:40 +0000 (+0000)
Subject: mod_ssl: Free dhparams and ecparams reading certificates at startup.
X-Git-Tag: 2.2.32~114
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=86295fc39551e822debaeb0e1a156ebfbc8c4e5b;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: Free dhparams and ecparams reading certificates at startup.

This fixes issue when SSLCryptoDevice does not get unregistered because of non-zero refcount during the mod_ssl unload happening on httpd startup.

Submitted by: jkaluza, ylavic
Reviewed by: wrowe, ylavic, jorton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1751814 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index 3e35e84584a..a26e0895e26 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.2.32
+ *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.
+ [Jan Kaluza, Yann Ylavic]
+
 *) mod_proxy: Fix a regression with 2.2.31 that caused inherited workers to use a different scoreboard slot then the original one. PR 58267.
 [Ruediger Pluem]
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index b2069b45ecc..854e6411722 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -900,7 +900,7 @@ static void ssl_init_server_certs(server_rec *s,
 const char *rsa_id, *dsa_id;
 #ifndef OPENSSL_NO_EC
 const char *ecc_id;
- EC_GROUP *ecparams;
+ EC_GROUP *ecparams = NULL;
 int nid;
 EC_KEY *eckey = NULL;
 #endif
@@ -973,6 +973,7 @@ static void ssl_init_server_certs(server_rec *s,
 "Custom DH parameters (%d bits) for %s loaded from %s", BN_num_bits(dhparams->p), vhost_id, mctx->pks->cert_files[0]);
+ DH_free(dhparams);
 }
 #ifndef OPENSSL_NO_EC
@@ -1001,6 +1002,7 @@ static void ssl_init_server_certs(server_rec *s,
 #endif
 }
 EC_KEY_free(eckey);
+ EC_GROUP_free(ecparams);
 #endif
 }
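Review bot: The new `DH_free(dhparams);` in the `@@ -973` hunk is only safe if the SSL context kept its own copy or reference when the parameters were installed, and that call sits above the hunk, so the ownership assumption cannot be checked from here. A one-line comment at the free would stop a later refactor from turning it into a use-after-free of the key-exchange parameters, for example `/* the SSL_CTX keeps its own copy of the DH params; release ours */`. The placement itself looks right, since the free comes after the last visible use, `BN_num_bits(dhparams->p)` in the log call. The enclosing block and the function both start outside the hunk.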
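Review bot: `EC_GROUP_free(ecparams);` in the `@@ -1001` hunk appears to run on every path through the `#ifndef OPENSSL_NO_EC` section, so it depends on the `= NULL` initialiser added in the `@@ -900` hunk whenever no custom EC parameters were read; the assignment to `ecparams` is outside the visible hunks. I would record that dependency next to the declaration, e.g. `EC_GROUP *ecparams = NULL; /* freed unconditionally before return */`, so the initialiser is not later removed as redundant and the free left operating on an uninitialised pointer. This mirrors the existing `EC_KEY *eckey = NULL;` / `EC_KEY_free(eckey);` pair, and EC_GROUP_free() accepts NULL in the same way. The function body continues outside all three hunks.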