From 90fd35c3a726e613e36ea0399507778b094181a0 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 30 Jun 2016 20:00:19 +0200 Subject: [PATCH] Revert "BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()" This reverts commit 0ea4c23ca754c3e6c005b67403a0619ca17d4587. Certain very simple confs randomly segfault upon startup with openssl 1.0.2 with this patch, which seems to indicate a use after free. Better drop it and let valgrind complain about the potential leak. Also it's worth noting that the man page for SSL_CTX_set_tmp_dh() makes no mention about whether or not the element should be freed, and the example provided does not use it either. This fix should be backported to 1.6 and 1.5 where the patch was just included. --- src/ssl_sock.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 88d74d249..f24761822 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1643,7 +1643,6 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file) goto end; SSL_CTX_set_tmp_dh(ctx, local_dh_1024); - DH_free(local_dh_1024); } else { SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
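Review bot: at the removed `DH_free(local_dh_1024);` in ssl_sock_load_dh_params(), the revert leaves nothing in the code saying who owns `local_dh_1024`, so the same free can easily come back the next time someone follows up on the valgrind report. The hunk does not show where `local_dh_1024` is declared or assigned. If the pointer outlives this call and is reused on a later one, freeing it here without clearing it would leave a dangling pointer, which would fit the random startup segfaults the commit message reports. Please add a short comment at this spot stating that the object must not be freed here and why. If the leak is to be fixed later, release the object at the point where its lifetime really ends and set the pointer to NULL afterwards. Separately, the context line `SSL_CTX_set_tmp_dh(ctx, local_dh_1024);` ignores the return value, so a failure to install the parameters goes unnoticed in this branch; consider checking it and taking the error path.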