diff options
author | dormando <dormando@rydia.net> | 2019-09-20 12:39:30 -0700 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2019-09-28 00:32:33 -0700 |
commit | 06d06ff9477780d82ef3a1851525e3bc2aa4280f (patch) | |
tree | 1d786e6fc25d3441a6c938e4d406edbd245a5204 | |
parent | 480fc665c3505336c37afb242e3412c75b3ac30c (diff) | |
download | memcached-06d06ff9477780d82ef3a1851525e3bc2aa4280f.tar.gz |
TLS: fix leak of SSL context on accept failure
frees said context. Don't use SSL_Shutdown as connection was not
established.
also fixes potential leak if dispatch_conn_new fails; but that
shouldn't be possible for most systems. requires either a malloc
failure or event_add() failure.
-rw-r--r-- | memcached.c | 1 | ||||
-rw-r--r-- | thread.c | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/memcached.c b/memcached.c index e8c0da4..1be6583 100644 --- a/memcached.c +++ b/memcached.c @@ -5805,6 +5805,7 @@ static void drive_machine(conn *c) { if (settings.verbose) { fprintf(stderr, "SSL connection failed with error code : %d : %s\n", err, strerror(errno)); } + SSL_free(ssl); close(sfd); break; } @@ -500,6 +500,12 @@ static void thread_libevent_process(int fd, short which, void *arg) { fprintf(stderr, "Can't listen for events on fd %d\n", item->sfd); } +#ifdef TLS + if (item->ssl) { + SSL_shutdown(item->ssl); + SSL_free(item->ssl); + } +#endif close(item->sfd); } } else { |