From 07b6e728b5c50c9578ca46f3424cc1f291d55445 Mon Sep 17 00:00:00 2001 From: Aaron Jones Date: Tue, 30 Aug 2016 10:21:46 +0000 Subject: [PATCH] OpenSSL: Initialise one context at a time If initialising the server context fails, but the client one succeeds, we will not only leak memory, but the error message reported for initialising the server context might not make sense, because we initialise the client context after and that could erase or change the list of queued errors. This scenario is considered rare. Nevertheless, we now initialise the client context after *successfully* initialising the server context. --- libratbox/src/openssl.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c index 34377495..1a3cf9a9 100644 --- a/libratbox/src/openssl.c +++ b/libratbox/src/openssl.c @@ -399,24 +399,25 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, c cipher_list = libratbox_ciphers; #ifdef LRB_HAVE_TLS_METHOD_API - ssl_server_ctx_new = SSL_CTX_new(TLS_server_method()); - ssl_client_ctx_new = SSL_CTX_new(TLS_client_method()); + if((ssl_server_ctx_new = SSL_CTX_new(TLS_server_method())) == NULL) #else - ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method()); - ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method()); + if((ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method())) == NULL) #endif - - if(ssl_server_ctx_new == NULL) { rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s", get_ssl_error(ERR_get_error())); return 0; } - if(ssl_client_ctx_new == NULL) + #ifdef LRB_HAVE_TLS_METHOD_API + if((ssl_client_ctx_new = SSL_CTX_new(TLS_client_method())) == NULL) + #else + if((ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method())) == NULL) + #endif { rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s", get_ssl_error(ERR_get_error())); + SSL_CTX_free(ssl_server_ctx_new); return 0; }