tls: fix cert and pkey leak

Free cert and pkey once assigned to make sure they're freed one the
ssl structs are freed.

Type: fix

Change-Id: I41546c8ae7bad169a1462b3b9a3807e4644a1c2c
Signed-off-by: Florin Coras <[email protected]>

diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 65fe9a3..020971d 100644 (file)
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -721,6 +721,7 @@ openssl_set_ckpair (SSL *ssl, u32 ckpair_index)
     }
   SSL_use_certificate (ssl, srvcert);
   BIO_free (cert_bio);
+  X509_free (srvcert);
 
   cert_bio = BIO_new (BIO_s_mem ());
   BIO_write (cert_bio, ckpair->key, vec_len (ckpair->key));
@@ -732,6 +733,7 @@ openssl_set_ckpair (SSL *ssl, u32 ckpair_index)
     }
   SSL_use_PrivateKey (ssl, pkey);
   BIO_free (cert_bio);
+  EVP_PKEY_free (pkey);
   TLS_DBG (1, "TLS client using ckpair index: %d", ckpair_index);
   return 0;
 }
@@ -1033,6 +1035,7 @@ openssl_start_listen (tls_ctx_t * lctx)
     }
 
   BIO_free (cert_bio);
+  X509_free (srvcert);
 
   cert_bio = BIO_new (BIO_s_mem ());
   if (!cert_bio)
@@ -1055,6 +1058,7 @@ openssl_start_listen (tls_ctx_t * lctx)
     }
 
   BIO_free (cert_bio);
+  EVP_PKEY_free (pkey);
 
   if (lctx->alpn_list)
     SSL_CTX_set_alpn_select_cb (ssl_ctx, openssl_alpn_select_cb,
@@ -1086,9 +1090,6 @@ openssl_stop_listen (tls_ctx_t * lctx)
   olc_index = lctx->tls_ssl_ctx;
   olc = openssl_lctx_get (olc_index);
 
-  X509_free (olc->srvcert);
-  EVP_PKEY_free (olc->pkey);
-
   SSL_CTX_free (olc->ssl_ctx);
   openssl_listen_ctx_free (olc);