From c7e12637df094630c4d39ed9457d8b927023e75d Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Sat, 2 Jul 2016 16:26:10 +0200
Subject: [PATCH] BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() Roberto Guimaraes reported that Valgrind complains about a leak in ssl_get_dh_1024(). This is caused caused by an oversight in ssl_sock_load_dh_params(), where local_dh_1024 is always replaced by a new DH object even if it already holds one. This patch simply checks whether local_dh_1024 is NULL before calling ssl_get_dh_1024().
---
 src/ssl_sock.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f24761822..e5a6f0a56 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1638,7 +1638,9 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
 if (global.tune.ssl_default_dh_param <= 1024) {
 /* we are limited to DH parameter of 1024 bits anyway */
- local_dh_1024 = ssl_get_dh_1024();
+ if (local_dh_1024 == NULL)
+ local_dh_1024 = ssl_get_dh_1024();
+
 if (local_dh_1024 == NULL)
 goto end;
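Review bot: The two back-to-back `if (local_dh_1024 == NULL)` tests in the 1024-bit branch read like a duplicated line, although the first means "not created yet" and the second means "ssl_get_dh_1024() failed". Nesting the failure test inside the creation branch, or putting a comment such as `/* created once and reused by later calls; not freed in this function */` above the first test, would make the caching intent explicit. Because the pointer is now kept across calls, the cleanup after the `end` label should be checked to confirm it never frees this shared DH object; if it did, the next call would reuse a dangling pointer. That cleanup is outside this hunk, as are the start and end of ssl_sock_load_dh_params(), so this could not be verified from the lines shown.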