From 8a31d3b93a492c583ccd97a5a27ab4cb466ff138 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Thu, 13 Nov 2008 11:51:49 +0000
Subject: SSL_free(context) when SSL_connect fails, plugging memleak. By
 Seiichi Ikarashi.

svn path=/branches/BRANCH_6-3/; revision=5237
---
 NEWS     | 4 ++++
 socket.c | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 5b89f6b3..57bf52b6 100644
--- a/NEWS
+++ b/NEWS
@@ -88,6 +88,10 @@ fetchmail 6.3.9 (not yet released):
 * Only print "Deleting fetchids file" if there actually is one.
   Fixes Debian Bug#374514, reported by Dan Jacobson.
 * SSL fix: check and report if SSL_set_fd fails.
+* SSL fix: close memory leak when SSL connection fails; fetchmail used to forget
+  calling SSL_free() on the SSL context, leaking in excess of 1/2 MB RAM on a
+  x86_64 system per failed SSL connection attempt.
+  Bug reported and patch provided by Seiichi Ikarashi, Fujitsu.
 
 # CHANGES:
 * autoconf 2.60 is now required to build fetchmail; it uses
diff --git a/socket.c b/socket.c
index e943f8b2..f0691b97 100644
--- a/socket.c
+++ b/socket.c
@@ -906,6 +906,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
 	if (SSL_set_fd(_ssl_context[sock], sock) == 0 
 	    || SSL_connect(_ssl_context[sock]) < 1) {
 		ERR_print_errors_fp(stderr);
+		SSL_free( _ssl_context[sock] );
+		_ssl_context[sock] = NULL;
 		SSL_CTX_free(_ctx[sock]);
 		_ctx[sock] = NULL;
 		return(-1);
-- 
cgit v1.2.3