Server: Fix minor anonymous TLS memory leak

This is not documented anywhere, but SSL_CTRL_SET_TMP_DH creates a copy of the DH structure, so we can immediately free it.
TurboVNC · Aug 3, 2024 · 3531cc2 · 3531cc2
1 parent f7748f0
commit 3531cc2
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_openssl.c b/unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_openssl.c
@@ -404,6 +404,8 @@ rfbSslCtx *rfbssl_init(rfbClientPtr cl, Bool anon)
       rfbssl_error("SSL_CTX_set_tmp_dh()");
       goto bailout;
     }
+    crypto.DH_free(dh);
+    dh = NULL;
     if (!ssl.SSL_CTX_set_cipher_list(ctx->ssl_ctx, rfbAuthCipherSuites ?
                                                    rfbAuthCipherSuites :
                                                    "aNULL")) {