From 5f4382247a0074d2080921956cd9784bbd1824c2 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Sun, 11 Apr 2021 18:49:38 +0200
Subject: improve SSL leak fix redis/hiredis#896

Free SSL object when redisSSLConnect fails but avoid doing that for
callers of redisInitiateSSL who are supposed to manager their own SSL
object.

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
---
 ssl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'ssl.c')

diff --git a/ssl.c b/ssl.c
index c856bbc..c581f63 100644
--- a/ssl.c
+++ b/ssl.c
@@ -351,7 +351,6 @@ static int redisSSLConnect(redisContext *c, SSL *ssl) {
     }
 
     hi_free(rssl);
-    SSL_free(ssl);
     return REDIS_ERR;
 }
 
@@ -393,7 +392,11 @@ int redisInitiateSSLWithContext(redisContext *c, redisSSLContext *redis_ssl_ctx)
         }
     }
 
-    return redisSSLConnect(c, ssl);
+    if (redisSSLConnect(c, ssl) != REDIS_OK) {
+        goto error;
+    }
+
+    return REDIS_OK;
 
 error:
     if (ssl)
-- 
cgit v1.2.3