Commit f9a24a30e9 for openssl.org

commit f9a24a30e9b85ba2567c5adebc789947955c41a6
Author: huanghuihui0904 <625173@qq.com>
Date:   Mon Mar 16 10:35:48 2026 +0800

    apps/lib/tlssrp_depr.c: fix leak of vb in set_up_srp_verifier_file()

    set_up_srp_verifier_file() allocates srp_callback_parm->vb via SRP_VBASE_new().
    If SRP_VBASE_init() fails, vb must be freed before returning.

    Additionally, add SRP_VBASE_free() to the end: cleanup path in s_server.c so
    that vb is also freed on normal program exit.

    Solves https://github.com/openssl/openssl/issues/30362
    Fixes #30362

    Signed-off-by: huanghuihui0904 <625173@qq.com>

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.foundation>
    MergeDate: Wed May 13 07:20:48 2026
    (Merged from https://github.com/openssl/openssl/pull/30434)

diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 6432a2032a..c46f6327e9 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -113,6 +113,7 @@ typedef struct srpsrvparm_st {

 int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm,
     char *srpuserseed, char *srp_verifier_file);
+void cleanup_srp(srpsrvparm *srp_callback_parm);
 void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out);
 #endif /* OPENSSL_NO_SRP */

diff --git a/apps/lib/tlssrp_depr.c b/apps/lib/tlssrp_depr.c
index cc36365748..eb9f3a1814 100644
--- a/apps/lib/tlssrp_depr.c
+++ b/apps/lib/tlssrp_depr.c
@@ -203,6 +203,8 @@ int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm,
         BIO_printf(bio_err,
             "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
             srp_verifier_file, ret);
+        SRP_VBASE_free(srp_callback_parm->vb);
+        srp_callback_parm->vb = NULL;
         return 0;
     }
     SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
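Review bot: The `srp_callback_parm->vb = NULL;` store in this error branch is what keeps the failure path safe, because the same commit makes s_server's `end:` label call cleanup_srp() on the same struct, and without the store vb would be freed a second time there. Nothing in this branch shows that dependency, so I would put a comment above the two added lines, for example `/* clear vb: the caller's exit path frees it again via cleanup_srp() */`. set_up_srp_verifier_file() starts and ends outside the hunk, so it should be confirmed there that the other early-return paths also leave vb either valid or NULL.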
@@ -224,3 +226,11 @@ void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out)
     else
         BIO_puts(bio_s_out, "LOOKUP not successful\n");
 }
+
+void cleanup_srp(srpsrvparm *srp_callback_parm)
+{
+    SRP_user_pwd_free(srp_callback_parm->user);
+    srp_callback_parm->user = NULL;
+    SRP_VBASE_free(srp_callback_parm->vb);
+    srp_callback_parm->vb = NULL;
+}
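Review bot: cleanup_srp() is a new non-static helper with no comment stating its contract, and it dereferences `srp_callback_parm` unconditionally. I would add a header comment such as `/* Free the user entry and verifier base held in srp_callback_parm and clear both pointers, so a repeated call is harmless; srp_callback_parm must not be NULL. */`. When a field was never set, the function relies on SRP_user_pwd_free() and SRP_VBASE_free() accepting NULL, which is worth stating because callers reach it on error paths. The matching prototype added in apps/include/s_apps.h could carry the same one-line description.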
diff --git a/apps/s_server.c b/apps/s_server.c
index e8f431cd0a..ebb8514fef 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3131,6 +3131,9 @@ int s_server_main(int argc, char *argv[])
     ret = 0;
 end:
     SSL_CTX_free(ctx);
+#ifndef OPENSSL_NO_SRP
+    cleanup_srp(&srp_callback_parm);
+#endif
     SSL_SESSION_free(psksess);
     set_keylog_file(NULL, NULL);
     X509_free(s_cert);
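Review bot: `cleanup_srp(&srp_callback_parm);` runs on every route to `end:`, including exits taken before set_up_srp_verifier_file() has touched the struct, so it frees whatever `user` and `vb` hold at that moment. That is safe only if srp_callback_parm starts out zeroed; its declaration is outside this hunk, so please confirm it has static storage or an explicit initializer. Placing the call after `SSL_CTX_free(ctx)` looks right, assuming ctx still refers to the struct through the SRP callback argument. A short comment such as `/* after SSL_CTX_free(): ctx may still point at srp_callback_parm */` would keep the order from being changed later. s_server_main() continues on both sides of the hunk.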