Message ID | 20170721204600.29816-1-mmichels@redhat.com |
---|---|
State | Accepted |
On Fri, Jul 21, 2017 at 4:46 PM, Mark Michelson <mmichels@redhat.com> wrote:
> ssl_new_stream() takes ownership of the passed-in 'name' parameter.
> In error scenarios, the name is leaked. I was able to trigger this
> leak by attempting to connect to an ovsdb over SSL and specifying
> non-existent certificate, private key, and CA cert files.
>
> This patch fixes the problem by freeing 'name' in the error label.
>
> Signed-off-by: Mark Michelson <mmichels@redhat.com>

Thanks! I applied this to master. I also applied a patch adding your name to the AUTHORS.rst file.
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index a198d6783..13803014b 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -300,6 +300,7 @@ error: SSL_free(ssl); } closesocket(fd); + free(name); return retval; }
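Review bot: the `free(name);` added after `closesocket(fd);` under the `error:` label means 'name' is now consumed on failure as well as on success, but nothing in the hunk documents that contract. A short comment above ssl_new_stream() stating that the callee always owns 'name' would keep callers from freeing or reusing it after an error return. It is also worth confirming that no jump to `error:` can happen after 'name' has been stored in the stream object, since that would turn the leak into a double free; the visible context does not show where ownership is handed over.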
ssl_new_stream() takes ownership of the passed-in 'name' parameter. In error scenarios, the name is leaked. I was able to trigger this leak by attempting to connect to an ovsdb over SSL and specifying non-existent certificate, private key, and CA cert files.

This patch fixes the problem by freeing 'name' in the error label.

Signed-off-by: Mark Michelson <mmichels@redhat.com>

---
 lib/stream-ssl.c | 1 +
 1 file changed, 1 insertion(+)