libratbox openssl: Don't leak EC_KEY structures.

2014-03-02 23:56:20 +00:00 · 2014-03-02 23:56:20 +00:00 · 9e26f0008b
commit 9e26f0008b
parent 023c36ae22
1 changed files with 5 additions and 1 deletions
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@ -325,7 +325,11 @@ rb_init_ssl(void)
 	/* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available because redhat are dicks
 	   and bastardise their OpenSSL for stupid reasons... */
 	#if (OPENSSL_VERSION_NUMBER >= 0x10000000) && defined(NID_secp384r1)
-		SSL_CTX_set_tmp_ecdh(ssl_server_ctx, EC_KEY_new_by_curve_name(NID_secp384r1));
+		EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);
+		if (key) {
+			SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key);
+			EC_KEY_free(key);
+		}
 #ifdef SSL_OP_SINGLE_ECDH_USE
 		SSL_CTX_set_options(ssl_server_ctx, SSL_OP_SINGLE_ECDH_USE);
 #endif