Fix potential memory leak.
This can't happen because we don't implement RSA_PSK, but we probably should
check here.
Probably |sess_cert| shouldn't be attached to SSL_SESSION anyway; it's only
relevant when initializing the session and if it's accessed afterwards, it'll
be shared and cause problems.
Change-Id: Id868e523195f33c22e057f9b89dc02fe68e9b554
Reviewed-on: https://boringssl-review.googlesource.com/1153
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 246539c..f7cc488 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1335,7 +1335,11 @@
later.*/
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)
{
- s->session->sess_cert=ssl_sess_cert_new();
+ /* PSK ciphersuites that also send a
+ * Certificate would have already initialized
+ * |sess_cert|. */
+ if (s->session->sess_cert == NULL)
+ s->session->sess_cert = ssl_sess_cert_new();
if (s->session->psk_identity_hint)
{
OPENSSL_free(s->session->psk_identity_hint);