[Openvpn-devel,v1] Add missing EVP_KDF_CTX_free in ssl_tls1_PRF

Message ID 20240501121819.12805-1-gert@greenie.muc.de
State Accepted
Series [Openvpn-devel,v1] Add missing EVP_KDF_CTX_free in ssl_tls1_PRF

Commit Message

Gert Doering May 1, 2024, 12:18 p.m. UTC
From: Arne Schwabe <arne@rfc2549.org>

This is just missing in the function. Found by clang+ASAN.

Change-Id: I5d70198f6adbee8add619ee8a0bd6b5b1f61e506
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/581
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Frank Lichtenheld <frank@lichtenheld.com>

Comments

Gert Doering May 1, 2024, 4:37 p.m. UTC | #1
Mildly tested (GHA and local t_client tests which *should* exercise this
code path with the libraries + peers involved).

Your patch has been applied to the master branch.

Not applied to release/2.6 as the code lacking this free() is master-only.

commit d4eb413181d1c414b854d0829f00cda5ad1e293d (master)
Author: Arne Schwabe
Date:   Wed May 1 14:18:19 2024 +0200

     Add missing EVP_KDF_CTX_free in ssl_tls1_PRF

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Message-Id: <20240501121819.12805-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28591.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index b2c4eb6..61c6518 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1372,6 +1372,7 @@ 
 err:
     ret = false;
 out:
+    EVP_KDF_CTX_free(kctx);
     EVP_KDF_free(kdf);
 
     return ret;
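
Review bot: the new EVP_KDF_CTX_free(kctx) under out: runs on every exit, including the err: path that falls through to it, so it is only safe if kctx is initialised to NULL where it is declared, and that declaration is outside this hunk. EVP_KDF_CTX_free() does nothing when given NULL, so a NULL initialiser is sufficient; please confirm it is there, otherwise an early jump to err: before the context is created would free an indeterminate pointer. Releasing the context before EVP_KDF_free(kdf) is the right order. The commit message would be more useful to later readers if it said that the KDF context was leaked on both the success and the error return, rather than only "missing in the function".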