authortedu <>2014-10-19 16:21:58 +0000
committertedu <>2014-10-19 16:21:58 +0000
commita6e56fbffd79e766cebfd7a7cf0a037d1a2885b6 (patch)
tree9f7a8cd43ea474b163154bca79101b1b7a6e7124
parent1dd7af2e746703b8d2ee93724205923573237ce8 (diff)
fix two remotely triggerable memory leaks.OPENBSD_5_4
tested by jasper
-rw-r--r--src/lib/libssl/src/ssl/d1_srtp.c1
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c4
2 files changed, 4 insertions, 1 deletions
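diff --git a/src/lib/libssl/src/ssl/d1_srtp.c b/src/lib/libssl/src/ssl/d1_srtp.c
index 928935bd8b..e994a0667a 100644
--- a/src/lib/libssl/src/ssl/d1_srtp.c
+++ b/src/lib/libssl/src/ssl/d1_srtp.c
@@ -213,6 +213,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTE
 else
 {
 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+sk_SRTP_PROTECTION_PROFILE_free(profiles);
 return 1;
 }
 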
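Review bot: The added `sk_SRTP_PROTECTION_PROFILE_free(profiles);` in the unknown-profile branch releases only the stack container, which is enough only if the entries pushed earlier are borrowed rather than heap-owned; the hunk does not show which. Once confirmed, a short comment on that line would record it, for example `/* entries are borrowed; only the stack itself is owned here */`. ssl_ctx_make_profiles begins and continues outside the hunk, so any other return reached after the stack is allocated needs the same release. A single cleanup label shared by all error exits would keep them consistent.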
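diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 1cf17cce0d..1b69e4f34d 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -2188,8 +2188,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 HMAC_Update(&hctx, etick, eticklen);
 HMAC_Final(&hctx, tick_hmac, NULL);
 HMAC_CTX_cleanup(&hctx);
-if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen))
+if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen)) {
+EVP_CIPHER_CTX_cleanup(&ctx);
 return 2;
+}
 /* Attempt to decrypt session data */
 /* Move p after IV to start of encrypted ticket, update length */
 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);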
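Review bot: The results of `HMAC_Update` and `HMAC_Final` at new lines 2188-2189 are ignored, so if either call fails `tick_hmac` may be compared while holding indeterminate bytes. The comparison would very likely still reject the ticket, but the outcome then rests on leftover stack contents rather than on an explicit check. Assuming both calls return a status in this tree, test them and on failure clean up `hctx` and `ctx` and return the function's internal-error code before `timingsafe_bcmp` is reached. tls_decrypt_ticket starts and continues outside the hunk, so the later return paths should be checked for the same `EVP_CIPHER_CTX_cleanup(&ctx);` call that this change adds inline.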