From patchwork Thu Jan 20 05:26:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 2238 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.27.255.54]) by backend41.mail.ord1d.rsapps.net with LMTP id GOHgOYqN6WEpcQAAqwncew (envelope-from ) for ; Thu, 20 Jan 2022 11:27:54 -0500 Received: from proxy11.mail.iad3a.rsapps.net ([172.27.255.54]) by director12.mail.ord1d.rsapps.net with LMTP id ECf5FYuN6WExRQAAIasKDg (envelope-from ) for ; Thu, 20 Jan 2022 11:27:55 -0500 Received: from smtp53.gate.iad3a ([172.27.255.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy11.mail.iad3a.rsapps.net with LMTPS id QKZLD4uN6WHiPgAAxCvdqw (envelope-from ) for ; Thu, 20 Jan 2022 11:27:55 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp53.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Suspicious-Flag: YES X-Classification-ID: eaf77f82-7a0d-11ec-a84f-5254009c3572-1-1 Received: from [216.105.38.7] ([216.105.38.7:57720] helo=lists.sourceforge.net) by smtp53.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 67/58-29898-A8D89E16; Thu, 20 Jan 2022 11:27:54 -0500 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1nAaHE-0005Bz-MX; Thu, 20 Jan 2022 16:27:07 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nAaHD-0005Bp-Cg for openvpn-devel@lists.sourceforge.net; Thu, 20 Jan 2022 16:27:05 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=a1pkVNeLY8NZHMx3POIEsh40z2ZLFZJWwUeVHyKT85o=; b=Mcy6pwytBeNwN/duzQ3KPaOpxi 9oj2gywlTvNB0fmeDu/r5QwJP6k/euPsn8CD9j/bTU0QqvG95hgFc1R3Vv8pttO74K7vDXdsbAzV2 ZLr9yLNmxa5FZwqzwDYYwc9JN7X4IWQJEaDfMgd0wuCp7eACIh5S4j9iJ3fmqcBGMxD4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=a1pkVNeLY8NZHMx3POIEsh40z2ZLFZJWwUeVHyKT85o=; b=k 8eE5mUhZf4Y5d6asIYxN/ug+YU1vXAFNpp9OnC1fMYOGe7xo3Q8I8ofoTczTTCBOtwW4dnZZC6qjr 9QY/A9Jn1uCH1xCB5aWMlEmpQojyMUKEefwjNwMdTaT8utqga0pav5bpda+wscW1e4ScwLP9YY9wJ WbeWWEvBI25BvJKg=; Received: from mail-qk1-f171.google.com ([209.85.222.171]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.3) id 1nAaHB-005ANs-DE for openvpn-devel@lists.sourceforge.net; Thu, 20 Jan 2022 16:27:05 +0000 Received: by mail-qk1-f171.google.com with SMTP id c190so6273374qkg.9 for ; Thu, 20 Jan 2022 08:27:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=a1pkVNeLY8NZHMx3POIEsh40z2ZLFZJWwUeVHyKT85o=; b=VyxxOikJPVYSmELvHSQ4SjeIAG7IPq3LPizn8Bml0fTUTed7b2jHMJotLQ/M7Y+CZb AWHAKONxCYf0atzc5PcgSv62AwDzSjudqSlFHOs5nVIl8a7y6FgQY/MpsBGt5DoUANS1 4s8JEdJYbNnPEka58x8CwVSOj5BKZnVaU/7+PSyRDyY+SnrTMV/U4/4b9V689qWgS5RI Cx9su0NbaE2aA/8yM7hiRgwBTC4NGS+uV1evslOgGdP4lIsPmxnbwQ9/lXAIFeRkaV8C rwQnJbvM+MC0qCJB84GedpgdgpL8/xJOqjWui8GPk8ibNDfO1lh0IwPDAxVdz5on9v7C hYxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=a1pkVNeLY8NZHMx3POIEsh40z2ZLFZJWwUeVHyKT85o=; b=zU8Co7CW7FreGl0fjPQWcMQfgzHi5gCO4rEIO6TuIgQw+TptfldZQKtYd/bX+La2u/ TrQ9LxHELiohopKE3CoCLImcDJb+XpHyx4tIguXuRV78IPyXPBmjnIzRF36HrNqVxt+r el6P3NOC6OtVW6b2lVyCAv1/9K23M96SeymeVhT8upt6BosL5RkPc4XqwfG53LBBCED0 11sThh9xUw/niPz6q0OQDoRi/y0kKv9cNd8R/3EvcKnzkw6UaMiH4Zcs6GZe5udr40zD wnGxNhnJGoyRupSm4huFa9GXRrR2LyExWspHRGvpkrBV13/Ow8IffC/ICfSQGo2ktfQH YK0Q== X-Gm-Message-State: AOAM531qCLyveXCBCpXo5/YYPZLs+nRPUbHts79sEm/X8+lEg31fKGtq IEiXzX9aIMcTLuZ63Hc7MhQCHs12aeQ= X-Google-Smtp-Source: ABdhPJzU5ogCcKA3tcx/XRC5SrHBbuzjPXEyIQvstL1MKBorxNzrKI3oaf6+Ih4ssgVGbf94GQJ4Lw== X-Received: by 2002:a05:620a:4086:: with SMTP id f6mr11059525qko.146.1642696019524; Thu, 20 Jan 2022 08:26:59 -0800 (PST) Received: from uranus.home.sansel.ca (bras-vprn-tnhlon4053w-lp130-02-70-51-223-65.dsl.bell.ca. [70.51.223.65]) by smtp.gmail.com with ESMTPSA id de15sm1695006qkb.4.2022.01.20.08.26.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Jan 2022 08:26:59 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Thu, 20 Jan 2022 11:26:45 -0500 Message-Id: <20220120162645.13881-1-selva.nair@gmail.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair As pointed out by Gert Doering Signed-off-by: Selva Nair --- To be applied after 06/18 of xkey patchset Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.222.171 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.222.171 listed in list.dnswl.org] X-Headers-End: 1nAaHB-005ANs-DE Subject: [Openvpn-devel] [PATCH] Fix a potential memory leak in tls_ctx_use_management_external_key X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Selva Nair As pointed out by Gert Doering Signed-off-by: Selva Nair Reported-by: Gert Doering Acked-by: Antonio Quartulli --- To be applied after 06/18 of xkey patchset src/openvpn/ssl_openssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index b48845eb..3f8c3091 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1493,6 +1493,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) if (!privkey || !SSL_CTX_use_PrivateKey(ctx->ctx, privkey)) { + EVP_PKEY_free(privkey); goto cleanup; } EVP_PKEY_free(privkey);