From 5ff64bbc8122292ce8a25a20bfb5d1c6f35e54bc Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Sat, 17 Jun 2023 23:57:18 +0300
Subject: [PATCH] lib-ssl-iostream: Fix memory leak when storing JA3 string

Broken by 3ca8852ec531b83c86c30b890b7f0200cf86105a
---
 src/lib-ssl-iostream/iostream-openssl-context.c | 5 +++--
 src/lib-ssl-iostream/iostream-openssl.c | 1 +
 src/lib-ssl-iostream/iostream-openssl.h | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 32eb970582..492d63b06b 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -456,7 +456,7 @@ static int ssl_clienthello_callback(SSL *ssl, int *al ATTR_UNUSED,
 int ver = SSL_version(ssl)-1;
 const unsigned char *ciphers = NULL;
 size_t nciphers = 0;
- string_t *ja3 = str_new(ssl_io->ctx->pool, 64);
+ string_t *ja3 = t_str_new(64);
 str_printfa(ja3, "%d,", ver);
 nciphers = SSL_client_hello_get0_ciphers(ssl, &ciphers);
@@ -521,7 +521,8 @@ static int ssl_clienthello_callback(SSL *ssl, int *al ATTR_UNUSED,
 }
 /* Store ja3 string */
- ssl_io->ja3_str = str_c(ja3);
+ i_free(ssl_io->ja3_str);
+ ssl_io->ja3_str = i_strdup(str_c(ja3));
 return SSL_CLIENT_HELLO_SUCCESS;
 }
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index fa9afb22f7..d53134902f 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -360,6 +360,7 @@ static void openssl_iostream_free(struct ssl_iostream *ssl_io)
 i_stream_unref(&ssl_io->plain_input);
 BIO_free(ssl_io->bio_ext);
 SSL_free(ssl_io->ssl);
+ i_free(ssl_io->ja3_str);
 i_free(ssl_io->plain_stream_errstr);
 i_free(ssl_io->last_error);
 i_free(ssl_io->connected_host);
diff --git a/src/lib-ssl-iostream/iostream-openssl.h b/src/lib-ssl-iostream/iostream-openssl.h
index fabc9a0723..065ab47564 100644
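Review bot: The store at the end of ssl_clienthello_callback (second hunk of iostream-openssl-context.c) now relies on two lifetimes that no comment states: `ja3` comes from `t_str_new(64)` in the first hunk, so `str_c(ja3)` is only a temporary, and `i_free(ssl_io->ja3_str)` implies a value may already be present when the callback runs. I would extend the existing comment to `/* Store ja3 string: ja3 is a data-stack temporary, so keep an owned copy and free the value left by any earlier ClientHello */`. If the callback can run more than once per connection (presumably on a retried ClientHello; not visible here), the stored fingerprint is that of the last ClientHello, which is worth stating wherever the value is used to identify clients. The function begins outside both hunks.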
--- a/src/lib-ssl-iostream/iostream-openssl.h
+++ b/src/lib-ssl-iostream/iostream-openssl.h
@@ -47,7 +47,7 @@ struct ssl_iostream {
 char *sni_host;
 char *last_error;
 char *plain_stream_errstr;
- const char *ja3_str;
+ char *ja3_str;
 int plain_stream_errno;
 /* copied settings */
-- 
2.47.3
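Review bot: `char *ja3_str;` is now an owning pointer that the ClientHello callback frees and replaces, but the struct gives no hint of that, so code that keeps a pointer read from this field could be left pointing at freed memory after a replacement. A one-line comment on the field would cover it, for example `/* JA3 string from the ClientHello callback; owned, may be freed and replaced */`. Whether any accessor hands this pointer out is not visible in this patch, so that part is a check for the author rather than a confirmed problem. The struct definition begins and ends outside the hunk.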