diff options
author | tedu <> | 2014-10-19 16:21:58 +0000 |
---|---|---|
committer | tedu <> | 2014-10-19 16:21:58 +0000 |
commit | a6e56fbffd79e766cebfd7a7cf0a037d1a2885b6 (patch) | |
tree | 9f7a8cd43ea474b163154bca79101b1b7a6e7124 | |
parent | 1dd7af2e746703b8d2ee93724205923573237ce8 (diff) | |
download | openbsd-OPENBSD_5_4.tar.gz openbsd-OPENBSD_5_4.tar.bz2 openbsd-OPENBSD_5_4.zip |
fix two remotely triggerable memory leaks.OPENBSD_5_4
tested by jasper
-rw-r--r-- | src/lib/libssl/src/ssl/d1_srtp.c | 1 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libssl/src/ssl/d1_srtp.c b/src/lib/libssl/src/ssl/d1_srtp.c index 928935bd8b..e994a0667a 100644 --- a/src/lib/libssl/src/ssl/d1_srtp.c +++ b/src/lib/libssl/src/ssl/d1_srtp.c | |||
@@ -213,6 +213,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTE | |||
213 | else | 213 | else |
214 | { | 214 | { |
215 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); | 215 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); |
216 | sk_SRTP_PROTECTION_PROFILE_free(profiles); | ||
216 | return 1; | 217 | return 1; |
217 | } | 218 | } |
218 | 219 | ||
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 1cf17cce0d..1b69e4f34d 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
@@ -2188,8 +2188,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
2188 | HMAC_Update(&hctx, etick, eticklen); | 2188 | HMAC_Update(&hctx, etick, eticklen); |
2189 | HMAC_Final(&hctx, tick_hmac, NULL); | 2189 | HMAC_Final(&hctx, tick_hmac, NULL); |
2190 | HMAC_CTX_cleanup(&hctx); | 2190 | HMAC_CTX_cleanup(&hctx); |
2191 | if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen)) | 2191 | if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen)) { |
2192 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
2192 | return 2; | 2193 | return 2; |
2194 | } | ||
2193 | /* Attempt to decrypt session data */ | 2195 | /* Attempt to decrypt session data */ |
2194 | /* Move p after IV to start of encrypted ticket, update length */ | 2196 | /* Move p after IV to start of encrypted ticket, update length */ |
2195 | p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); | 2197 | p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); |