diff options
author | Selva Nair | 2021-10-30 14:57:56 -0400 |
---|---|---|
committer | Gert Doering | 2021-11-05 16:12:09 +0100 |
commit | 31e200f807033ac27566bf37a8d9d32820600a83 (patch) | |
tree | 25cf9916d1488f49ff3ca1e241f89ab0a62e77b2 /src/openvpn/crypto_openssl.c | |
parent | f1dd638ca6acf35f0913f4e3d66451a70891c3de (diff) | |
download | openvpn-31e200f807033ac27566bf37a8d9d32820600a83.zip openvpn-31e200f807033ac27566bf37a8d9d32820600a83.tar.gz |
Avoid memory leak in hmac_ctx_new (OpenSSL 3.0 only)
In OpenSSL 3.0, fetched algorithms must be freed
(down referenced). In this case, though EVP_MAC_CTX_new()
keeps a reference to 'hmac', it up-refs it. So we have to free
it here before return.
(Tested using an enable-asan build).
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20211030185756.1831-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23080.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/crypto_openssl.c')
-rw-r--r-- | src/openvpn/crypto_openssl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index c43d18b..8e29a77 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1097,6 +1097,9 @@ hmac_ctx_new(void) EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); ctx->ctx = EVP_MAC_CTX_new(hmac); check_malloc_return(ctx->ctx); + + EVP_MAC_free(hmac); + return ctx; } |