From c8ab3a46530029739272e14acbfc91a5feb291a7 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 30 Jan 2017 19:36:51 +0000 Subject: [PATCH] Make sure we free and cleanse the pms value in all code paths Otherwise we get a memory leak. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/2326) --- ssl/s3_lib.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c4d43526bd..936a301363 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4118,10 +4118,8 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) rv = rv && tls13_generate_handshake_secret(s, pms, pmslen); } else { - /* Generate master secret and discard premaster */ - rv = ssl_generate_master_secret(s, pms, pmslen, 1); + rv = ssl_generate_master_secret(s, pms, pmslen, 0); } - pms = NULL; } else { /* Save premaster secret */ s->s3->tmp.pms = pms;