Commit c4034fb5 authored by unknown's avatar unknown

Bug#23981 memory leaks from yassl code + other

 - Fix memory leak in vio_VioSSLFD that occurs when one of the calls to an SSL_* function fails, as in the "ssl_des"
   test case, where the server is currently not supposed to be able to read the specific cert/key file.
 - Change error message to be generic as it's called both from server and client code.


vio/viosslfactories.c:
  Fix memory leak in vio_VioSSLFD that occurs when one of the calls to SSL_* function fails. 
  Change error message to be generic as it's called both from server and client code.
parent 5320e2ea
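--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -86,8 +86,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
 if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
 {
 DBUG_PRINT("error",("unable to get certificate from '%s'\n", cert_file));
-/* FIX stderr */
-fprintf(stderr,"Error when connection to server using SSL:");
+fprintf(stderr,"SSL error: ");
 ERR_print_errors_fp(stderr);
 fprintf(stderr,"Unable to get certificate from '%s'\n", cert_file);
 fflush(stderr);
@@ -100,8 +99,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0)
 {
 DBUG_PRINT("error", ("unable to get private key from '%s'\n", key_file));
-/* FIX stderr */
-fprintf(stderr,"Error when connection to server using SSL:");
+fprintf(stderr,"SSL error: ");
 ERR_print_errors_fp(stderr);
 fprintf(stderr,"Unable to get private key from '%s'\n", key_file);
 fflush(stderr);
@@ -252,6 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 {
 DBUG_PRINT("error", ("failed to set ciphers to use"));
 report_errors();
+SSL_CTX_free(ssl_fd->ssl_context);
 my_free((void*)ssl_fd,MYF(0));
 DBUG_RETURN(0);
 }
@@ -264,6 +263,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 {
 DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
 report_errors();
+SSL_CTX_free(ssl_fd->ssl_context);
 my_free((void*)ssl_fd,MYF(0));
 DBUG_RETURN(0);
 }
@@ -273,6 +273,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 {
 DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
 report_errors();
+SSL_CTX_free(ssl_fd->ssl_context);
 my_free((void*)ssl_fd,MYF(0));
 DBUG_RETURN(0);
 }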
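Review bot: The cleanup added to new_VioSSLFd is copied into each of the three failure branches (cipher list, default verify paths, vio_set_cert_stuff), so every branch must remember to release both the SSL_CTX and the ssl_fd allocation; that duplication is the shape that allowed the context to leak before this fix. Routing the branches through one exit path, `goto err;` in each branch and a single `err: SSL_CTX_free(ssl_fd->ssl_context); my_free((void*)ssl_fd,MYF(0)); DBUG_RETURN(0);` at the end, would keep the release order in one place for any failure check added later. The function starts and ends outside these hunks, so whether other failure returns after the context is created still skip SSL_CTX_free cannot be confirmed from the visible lines and should be checked. A one-line comment above the exit path such as `/* Release the SSL_CTX before the struct that owns the pointer to it */` would record why the order matters.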