From 7a88e643ffc85891aafe44ded1485aa15812c39d Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Tue, 9 May 2023 15:15:06 +0200
Subject: [PATCH] libssl: Fix a memory leak when processing TLS tickets w/ OpenSSL 3.x
(cherry picked from commit 0a18d0349145ae0c49b6dfef0be58bde925c4806)
---
 pdns/libssl.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index a85c5f2da6..ab7b77e55d 100644
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -762,6 +762,7 @@ int OpenSSLTLSTicketKey::encrypt(unsigned char keyName[TLS_TICKETS_KEY_NAME_SIZE
 #if OPENSSL_VERSION_MAJOR >= 3
 using ParamsBuilder = std::unique_ptr;
+ using Params = std::unique_ptr;
 auto params_build = ParamsBuilder(OSSL_PARAM_BLD_new(), OSSL_PARAM_BLD_free);
 if (params_build == nullptr) {
@@ -772,12 +773,12 @@ int OpenSSLTLSTicketKey::encrypt(unsigned char keyName[TLS_TICKETS_KEY_NAME_SIZE
 return -1;
 }
- auto* params = OSSL_PARAM_BLD_to_param(params_build.get());
+ auto params = Params(OSSL_PARAM_BLD_to_param(params_build.get()), OSSL_PARAM_free);
 if (params == nullptr) {
 return -1;
 }
- if (EVP_MAC_CTX_set_params(hctx, params) == 0) {
+ if (EVP_MAC_CTX_set_params(hctx, params.get()) == 0) {
 return -1;
 }
@@ -801,6 +802,7 @@ bool OpenSSLTLSTicketKey::decrypt(const unsigned char* iv, EVP_CIPHER_CTX* ectx,
 {
 #if OPENSSL_VERSION_MAJOR >= 3
 using ParamsBuilder = std::unique_ptr;
+ using Params = std::unique_ptr;
 auto params_build = ParamsBuilder(OSSL_PARAM_BLD_new(), OSSL_PARAM_BLD_free);
 if (params_build == nullptr) {
@@ -811,12 +813,12 @@ bool OpenSSLTLSTicketKey::decrypt(const unsigned char* iv, EVP_CIPHER_CTX* ectx,
 return false;
 }
- auto* params = OSSL_PARAM_BLD_to_param(params_build.get());
+ auto params = Params(OSSL_PARAM_BLD_to_param(params_build.get()), OSSL_PARAM_free);
 if (params == nullptr) {
 return false;
 }
- if (EVP_MAC_CTX_set_params(hctx, params) == 0) {
+ if (EVP_MAC_CTX_set_params(hctx, params.get()) == 0) {
 return false;
 }
--
2.47.2
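Review bot: The `Params` alias added in `encrypt` is declared a second time in `decrypt` (third hunk), beside an equally duplicated `ParamsBuilder`, so the owning types for the OpenSSL 3 parameter objects live in two function-local copies. That duplication is why this leak had to be patched in two places. Declaring both aliases once at file scope under `#if OPENSSL_VERSION_MAJOR >= 3`, or moving the builder-to-`EVP_MAC_CTX_set_params` sequence into one static helper used by both functions, would keep the ownership handling in a single spot. The `std::unique_ptr` template arguments are not visible in this rendering (presumably `std::unique_ptr<OSSL_PARAM, decltype(&OSSL_PARAM_free)>`), and both function bodies start and end outside the hunks.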
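Review bot: Nothing at the new `EVP_MAC_CTX_set_params(hctx, params.get())` call in `encrypt` (second hunk) records why it is safe to free the array on return while `hctx` stays in use by the caller. Assuming the provider copies the values during the call, a comment such as `// params is caller-owned (OSSL_PARAM_BLD_to_param); set_params copies what it needs, so it is freed on scope exit` would document the lifetime; the same applies to the matching lines in `decrypt` (fourth hunk). Because this path runs for each TLS ticket processed, a regression run of both functions under a leak detector on OpenSSL 3.x would be worth adding. If the parameters pushed outside these hunks include the ticket HMAC key, it is also worth confirming whether the array should be cleansed before it is freed, since that handling is not visible here.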