From 0a57ffdc812586031571cca67c26762d5f332bbf Mon Sep 17 00:00:00 2001
From: MSP-Greg <MSP-Greg@users.noreply.github.com>
Date: Thu, 15 Sep 2022 00:44:55 -0500
Subject: [PATCH] minissl.c - immediate ruby_memcheck fixes (#2956)

All of the other results were calling `rb_define_` functions, which may be false positives.

The changes fix leaks in an object that is created once for each SSL listener.
---
 ext/puma_http11/mini_ssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ext/puma_http11/mini_ssl.c b/ext/puma_http11/mini_ssl.c
index d2264a8c..7e577b73 100644
--- a/ext/puma_http11/mini_ssl.c
+++ b/ext/puma_http11/mini_ssl.c
@@ -275,8 +275,11 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
     x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
 
     if (SSL_CTX_use_certificate(ctx, x509) != 1) {
+      BIO_free(bio);
       raise_file_error("SSL_CTX_use_certificate", RSTRING_PTR(cert_pem));
     }
+    X509_free(x509);
+    BIO_free(bio);
   }
 
   if (!NIL_P(key_pem)) {
@@ -285,8 +288,11 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
     pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
 
     if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1) {
+      BIO_free(bio);
       raise_file_error("SSL_CTX_use_PrivateKey", RSTRING_PTR(key_pem));
     }
+    EVP_PKEY_free(pkey);
+    BIO_free(bio);
   }
 
   verification_flags = rb_funcall(mini_ssl_ctx, rb_intern_const("verification_flags"), 0);