[Asterisk-code-review] res_rtp_asterisk: Don't leak temporary key when enabling PFS. (asterisk[11])
Joshua Colp
asteriskteam at digium.com
Wed Aug 5 05:27:34 CDT 2015
Joshua Colp has uploaded a new change for review.
https://gerrit.asterisk.org/1035
Change subject: res_rtp_asterisk: Don't leak temporary key when enabling PFS.
......................................................................
res_rtp_asterisk: Don't leak temporary key when enabling PFS.
A change recently went in which enabled perfect forward secrecy for
DTLS in res_rtp_asterisk. This was accomplished two different ways
depending on the availability of a feature in OpenSSL. The fallback
method created a temporary instance of a key but did not free it.
This change fixes that.
Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396
---
M res/res_rtp_asterisk.c
1 file changed, 8 insertions(+), 2 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/35/1035/1
diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index d3c704c..6f7f94a 100644
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -1254,6 +1254,9 @@
{
struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
int res;
+#ifndef HAVE_OPENSSL_ECDH_AUTO
+ EC_KEY *ecdh;
+#endif
if (!dtls_cfg->enabled) {
return 0;
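Review bot: The `EC_KEY *ecdh;` declaration at the top of the function needs its own `#ifndef HAVE_OPENSSL_ECDH_AUTO` guard, which has to stay in sync with the `#ifdef`/`#else` further down. Consider declaring it inside a braced block in the `#else` branch instead, so the variable lives only where it is used and a single preprocessor conditional controls both the declaration and the use.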
@@ -1273,8 +1276,11 @@
#ifdef HAVE_OPENSSL_ECDH_AUTO
SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, 1);
#else
- SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx,
- EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (ecdh) {
+ SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh);
+ EC_KEY_free(ecdh);
+ }
#endif
rtp->dtls_verify = dtls_cfg->verify;
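Review bot: In the `#else` branch, a NULL return from `EC_KEY_new_by_curve_name()` is skipped silently by `if (ecdh) {`, and the result of `SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh);` is not checked. In both cases DTLS setup continues with no ECDH parameters and nothing tells the operator that PFS is not in effect. Add an else path and a return-value check that at least log a warning, or fail the setup if PFS is meant to be mandatory. The `EC_KEY_free(ecdh);` directly after the set call is the fix for the leak described in the commit message and looks right here.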
--
To view, visit https://gerrit.asterisk.org/1035
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 11
Gerrit-Owner: Joshua Colp <jcolp at digium.com>