diff --git a/ChangeLog b/ChangeLog index 2510257424..72c9dfd55f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -170,6 +170,9 @@ Changes in version 0.2.1.20 - 2009-??-?? - Avoid segfault in rare cases when finishing an introduction circuit as a client and finding out that we don't have an introduction key for it. Fixes bug 1073. Reported by Aaron Swartz. + - Work around a small memory leak in some versions of OpenSSL that + stopped the memory used by the hostname TLS extension from being + freed. o Minor features: - Add a "getinfo status/accepted-server-descriptor" controller diff --git a/src/common/tortls.c b/src/common/tortls.c index 541cdb6403..a43c4ea0a3 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -828,6 +828,9 @@ tor_tls_new(int sock, int isServer) if (!SSL_set_cipher_list(result->ssl, isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST)) { tls_log_errors(NULL, LOG_WARN, "setting ciphers"); +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(result->ssl, NULL); +#endif SSL_free(result->ssl); tor_free(result); return NULL; @@ -838,6 +841,9 @@ tor_tls_new(int sock, int isServer) bio = BIO_new_socket(sock, BIO_NOCLOSE); if (! bio) { tls_log_errors(NULL, LOG_WARN, "opening BIO"); +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(result->ssl, NULL); +#endif SSL_free(result->ssl); tor_free(result); return NULL; @@ -918,6 +924,9 @@ tor_tls_free(tor_tls_t *tls) if (!removed) { log_warn(LD_BUG, "Freeing a TLS that was not in the ssl->tls map."); } +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(tls->ssl, NULL); +#endif SSL_free(tls->ssl); tls->ssl = NULL; tls->negotiated_callback = NULL;