Modify compression code so it frees up structures without using the

ex_data callbacks. This works around a problem where some applications

call CRYPTO_free_all_ex_data() before application exit (e.g. when

restarting) then use compression (e.g. SSL with compression) later.

This results in significant per-connection memory leaks and

has caused some security issues including CVE-2008-1678 and

CVE-2009-4355. [Steve Henson]

diff -up openssl-fips-0.9.8e/crypto/comp/c_zlib.c.compleak openssl-fips-0.9.8e/crypto/comp/c_zlib.c

--- openssl-fips-0.9.8e/crypto/comp/c_zlib.c.compleak	2007-02-14 22:50:26.000000000 +0100

+++ openssl-fips-0.9.8e/crypto/comp/c_zlib.c	2010-01-14 09:32:46.000000000 +0100

@@ -133,15 +133,6 @@ struct zlib_state

 static int zlib_stateful_ex_idx = -1;

-static void zlib_stateful_free_ex_data(void *obj, void *item,

-	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)

-	{

-	struct zlib_state *state = (struct zlib_state *)item;

-	inflateEnd(&state->istream);

-	deflateEnd(&state->ostream);

-	OPENSSL_free(state);

-	}

-

 static int zlib_stateful_init(COMP_CTX *ctx)

 	{

 	int err;

@@ -185,6 +176,12 @@ static int zlib_stateful_init(COMP_CTX *

 static void zlib_stateful_finish(COMP_CTX *ctx)

 	{

+	struct zlib_state *state =

+		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,

+			zlib_stateful_ex_idx);

+	inflateEnd(&state->istream);

+	deflateEnd(&state->ostream);

+	OPENSSL_free(state);

 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);

 	}

@@ -396,7 +393,7 @@ COMP_METHOD *COMP_zlib(void)

 			if (zlib_stateful_ex_idx == -1)

 				zlib_stateful_ex_idx =

 					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,

-						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);

+						0,NULL,NULL,NULL,NULL);

 			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);

 			if (zlib_stateful_ex_idx == -1)

 				goto err;