From 61d113bb7b976d543569b2627fc1906652309067 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 4 Jul 2013 11:51:43 +0200 Subject: [PATCH] Init and free new contexts in the right place for SSL to prevent memory leaks --- library/ssl_cli.c | 2 -- library/ssl_srv.c | 8 +++++++- library/ssl_tls.c | 25 +++++++++++++++++++++++-- 3 files changed, 30 insertions(+), 5 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 6496b84b7..66ebcefcb 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -824,8 +824,6 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl, * ECPoint public; * } ServerECDHParams; */ - ecdh_init( &ssl->handshake->ecdh_ctx ); - if( ( ret = ecdh_read_params( &ssl->handshake->ecdh_ctx, (const unsigned char **) p, end ) ) != 0 ) { diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 451d44569..c6a827320 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1304,7 +1304,6 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) * ECPoint public; * } ServerECDHParams; */ - ecdh_init( &ssl->handshake->ecdh_ctx ); if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp, ssl->handshake->ec_curve ) ) != 0 ) { @@ -1423,6 +1422,13 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) md_update( &ctx, ssl->handshake->randbytes, 64 ); md_update( &ctx, dig_sig, dig_sig_len ); md_finish( &ctx, hash ); + + if( ( ret = md_free_ctx( &ctx ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "md_free_ctx", ret ); + return( ret ); + } + } SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cea90eb77..dfeed3377 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -318,6 +318,7 @@ int ssl_derive_keys( ssl_context *ssl ) unsigned int iv_copy_len; const cipher_info_t *cipher_info; const md_info_t *md_info; + int ret; ssl_session *session = ssl->session_negotiate; ssl_transform *transform = ssl->transform_negotiate; @@ -444,8 +445,17 @@ int ssl_derive_keys( ssl_context *ssl ) { if( md_info->type != POLARSSL_MD_NONE ) { - md_init_ctx( &transform->md_ctx_enc, md_info ); - md_init_ctx( &transform->md_ctx_dec, md_info ); + if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "md_init_ctx", ret ); + return( ret ); + } + + if( ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "md_init_ctx", ret ); + return( ret ); + } transform->maclen = md_get_size( md_info ); } @@ -2743,6 +2753,10 @@ static int ssl_handshake_init( ssl_context *ssl ) ssl->handshake->update_checksum = ssl_update_checksum_start; ssl->handshake->sig_alg = SSL_HASH_SHA1; +#if defined(POLARSSL_ECDH_C) + ecdh_init( &ssl->handshake->ecdh_ctx ); +#endif + return( 0 ); } @@ -3436,6 +3450,9 @@ void ssl_transform_free( ssl_transform *transform ) inflateEnd( &transform->ctx_inflate ); #endif + md_free_ctx( &transform->md_ctx_enc ); + md_free_ctx( &transform->md_ctx_dec ); + memset( transform, 0, sizeof( ssl_transform ) ); } @@ -3444,6 +3461,10 @@ void ssl_handshake_free( ssl_handshake_params *handshake ) #if defined(POLARSSL_DHM_C) dhm_free( &handshake->dhm_ctx ); #endif +#if defined(POLARSSL_ECDH_C) + ecdh_free( &handshake->ecdh_ctx ); +#endif + memset( handshake, 0, sizeof( ssl_handshake_params ) ); }