mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-05 15:05:58 +00:00
Fix memory leak in ssl_cache
parent
c73339fd50
commit
84c30c7e83
|
@ -3,7 +3,7 @@ PolarSSL ChangeLog (Sorted per branch, date)
|
||||||
= PolarSSL 1.3 branch
|
= PolarSSL 1.3 branch
|
||||||
Features
|
Features
|
||||||
* HMAC-DRBG as a separate module
|
* HMAC-DRBG as a separate module
|
||||||
* Option to set the Curve preference order
|
* Option to set the Curve preference order (disabled by default)
|
||||||
* Single Platform compatilibity layer (for memory / printf / fprintf)
|
* Single Platform compatilibity layer (for memory / printf / fprintf)
|
||||||
* Ability to provide alternate timing implementation
|
* Ability to provide alternate timing implementation
|
||||||
* Ability to force the entropy module to use SHA-256 as its basis
|
* Ability to force the entropy module to use SHA-256 as its basis
|
||||||
|
@ -33,11 +33,12 @@ Bugfix
|
||||||
* Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0
|
* Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0
|
||||||
* Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
|
* Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
|
||||||
Alex Wilson.)
|
Alex Wilson.)
|
||||||
* Fixed bug in ssl_cache: when max_entries = 0 and TIMING_C is enabled,
|
* ssl_cache was creating entries when max_entries=0 if TIMING_C was enabled.
|
||||||
entries would still be created.
|
* m_sleep() was sleeping twice too long on most Unix platforms.
|
||||||
* Fixed bug in m_sleep: whould sleep twice too long on most Unix platforms.
|
|
||||||
* Fixed bug with session tickets and non-blocking I/O in the unlikely case
|
* Fixed bug with session tickets and non-blocking I/O in the unlikely case
|
||||||
send() would return an EAGAIN error when sending the ticket.
|
send() would return an EAGAIN error when sending the ticket.
|
||||||
|
* ssl_cache was leaking memory when reusing a timed out entry containing a
|
||||||
|
client certificate.
|
||||||
|
|
||||||
= PolarSSL 1.3.4 released on 2014-01-27
|
= PolarSSL 1.3.4 released on 2014-01-27
|
||||||
Features
|
Features
|
||||||
|
|
|
@ -195,14 +195,6 @@ int ssl_cache_set( void *data, const ssl_session *session )
|
||||||
}
|
}
|
||||||
|
|
||||||
cur = old;
|
cur = old;
|
||||||
memset( &cur->session, 0, sizeof(ssl_session) );
|
|
||||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
|
||||||
if( cur->peer_cert.p != NULL )
|
|
||||||
{
|
|
||||||
polarssl_free( cur->peer_cert.p );
|
|
||||||
memset( &cur->peer_cert, 0, sizeof(x509_buf) );
|
|
||||||
}
|
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
|
||||||
}
|
}
|
||||||
#else /* POLARSSL_HAVE_TIME */
|
#else /* POLARSSL_HAVE_TIME */
|
||||||
/*
|
/*
|
||||||
|
@ -219,16 +211,7 @@ int ssl_cache_set( void *data, const ssl_session *session )
|
||||||
|
|
||||||
cur = cache->chain;
|
cur = cache->chain;
|
||||||
cache->chain = cur->next;
|
cache->chain = cur->next;
|
||||||
|
cur->next = NULL;
|
||||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
|
||||||
if( cur->peer_cert.p != NULL )
|
|
||||||
{
|
|
||||||
polarssl_free( cur->peer_cert.p );
|
|
||||||
memset( &cur->peer_cert, 0, sizeof(x509_buf) );
|
|
||||||
}
|
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
|
||||||
|
|
||||||
memset( cur, 0, sizeof(ssl_cache_entry) );
|
|
||||||
prv->next = cur;
|
prv->next = cur;
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_HAVE_TIME */
|
#endif /* POLARSSL_HAVE_TIME */
|
||||||
|
@ -260,6 +243,15 @@ int ssl_cache_set( void *data, const ssl_session *session )
|
||||||
memcpy( &cur->session, session, sizeof( ssl_session ) );
|
memcpy( &cur->session, session, sizeof( ssl_session ) );
|
||||||
|
|
||||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||||
|
/*
|
||||||
|
* If we're reusing an entry, free its certificate first
|
||||||
|
*/
|
||||||
|
if( cur->peer_cert.p != NULL )
|
||||||
|
{
|
||||||
|
polarssl_free( cur->peer_cert.p );
|
||||||
|
memset( &cur->peer_cert, 0, sizeof(x509_buf) );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Store peer certificate
|
* Store peer certificate
|
||||||
*/
|
*/
|
||||||
|
|
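Review bot: The certificate free added after `memcpy( &cur->session, session, sizeof( ssl_session ) )` in the last hunk now runs on every path that reaches the store, so it is only safe if `cur->peer_cert.p` is NULL or a live heap pointer for a newly allocated entry as well as a recycled one. The allocation path is outside the visible hunks and should be confirmed to zero the whole entry. In the non-`POLARSSL_HAVE_TIME` branch the full `memset( cur, 0, sizeof(ssl_cache_entry) )` appears to have been replaced by `cur->next = NULL;`, so the recycled entry keeps its old `peer_cert` until that later free, and re-adding a blanket memset there would bring the leak back. I would record this at the reset with a comment such as `/* peer_cert is kept on purpose: it is freed below, just before the new certificate is stored */`. `ssl_cache_set` starts and ends outside these hunks.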