From 9e26f0008b44e609918335986e7f0a00c27f3433 Mon Sep 17 00:00:00 2001
From: Keith Buck
Date: Sun, 2 Mar 2014 23:56:20 +0000
Subject: [PATCH] libratbox openssl: Don't leak EC_KEY structures.
---
 libratbox/src/openssl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index defcfa933..6cc07d01b 100644
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -325,7 +325,11 @@ rb_init_ssl(void)
 /* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available because redhat are dicks and bastardise their OpenSSL for stupid reasons... */
 #if (OPENSSL_VERSION_NUMBER >= 0x10000000) && defined(NID_secp384r1)
- SSL_CTX_set_tmp_ecdh(ssl_server_ctx, EC_KEY_new_by_curve_name(NID_secp384r1));
+ EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);
+ if (key) {
+ SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key);
+ EC_KEY_free(key);
+ }
 #ifdef SSL_OP_SINGLE_ECDH_USE
 SSL_CTX_set_options(ssl_server_ctx, SSL_OP_SINGLE_ECDH_USE);
 #endif
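Review bot: A NULL from `EC_KEY_new_by_curve_name()` and a zero return from `SSL_CTX_set_tmp_ecdh()` are both ignored in the added block, so the server context can come up without ECDHE key exchange and nothing records that it happened. The comment above the `#if` suggests builds with a reduced curve set are expected, so this may be reachable at run time and not only on allocation failure. I would check both results and report the failure, e.g. `if (key == NULL || !SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key)) { /* log: ECDHE unavailable */ }` followed by an unconditional `EC_KEY_free(key);`, which accepts NULL. rb_init_ssl's body starts and ends outside the hunk, so the log call should follow whatever the rest of the function uses for setup errors.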