Fix potential memory leak.

This can't happen because we don't implement RSA_PSK, but we probably should check here. Probably |sess_cert| shouldn't be attached to SSL_SESSION anyway; it's only relevant when initializing the session and if it's accessed afterwards, it'll be shared and cause problems. Change-Id: Id868e523195f33c22e057f9b89dc02fe68e9b554 Reviewed-on: https://boringssl-review.googlesource.com/1153 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-07-12 21:16:51 +0400
committer: Adam Langley <agl@google.com> 2014-07-15 00:49:39 +0400
commit: 0c49ec97f4f4e9e82da19ce694249c2e78de6d88 (patch)
tree: af6a8ab3bced77b165a3da6409dad0612c6d4d1f
parent: 5235f74bc21af70a18a256c7f8c099c53db302b6 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 246539cf..f7cc4887 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1335,7 +1335,11 @@ int ssl3_get_key_exchange(SSL *s)
 		   later.*/
 		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)
 			{
-			s->session->sess_cert=ssl_sess_cert_new();
+			/* PSK ciphersuites that also send a
+			 * Certificate would have already initialized
+			 * |sess_cert|. */
+			if (s->session->sess_cert == NULL)
+				s->session->sess_cert = ssl_sess_cert_new();
 			if (s->session->psk_identity_hint)
 				{
 				OPENSSL_free(s->session->psk_identity_hint);
author	David Benjamin <davidben@chromium.org>	2014-07-12 21:16:51 +0400
committer	Adam Langley <agl@google.com>	2014-07-15 00:49:39 +0400
commit	0c49ec97f4f4e9e82da19ce694249c2e78de6d88 (patch)
tree	af6a8ab3bced77b165a3da6409dad0612c6d4d1f
parent	5235f74bc21af70a18a256c7f8c099c53db302b6 (diff)