Fix memory leak in ssl_cache

This commit is contained in:
Manuel Pégourié-Gonnard 2014-02-26 17:38:55 +01:00
parent c73339fd50
commit 84c30c7e83
2 changed files with 15 additions and 22 deletions

View file

@ -3,7 +3,7 @@ PolarSSL ChangeLog (Sorted per branch, date)
= PolarSSL 1.3 branch = PolarSSL 1.3 branch
Features Features
* HMAC-DRBG as a separate module * HMAC-DRBG as a separate module
* Option to set the Curve preference order * Option to set the Curve preference order (disabled by default)
* Single Platform compatilibity layer (for memory / printf / fprintf) * Single Platform compatilibity layer (for memory / printf / fprintf)
* Ability to provide alternate timing implementation * Ability to provide alternate timing implementation
* Ability to force the entropy module to use SHA-256 as its basis * Ability to force the entropy module to use SHA-256 as its basis
@ -33,11 +33,12 @@ Bugfix
* Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0 * Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0
* Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
Alex Wilson.) Alex Wilson.)
* Fixed bug in ssl_cache: when max_entries = 0 and TIMING_C is enabled, * ssl_cache was creating entries when max_entries=0 if TIMING_C was enabled.
entries would still be created. * m_sleep() was sleeping twice too long on most Unix platforms.
* Fixed bug in m_sleep: whould sleep twice too long on most Unix platforms.
* Fixed bug with session tickets and non-blocking I/O in the unlikely case * Fixed bug with session tickets and non-blocking I/O in the unlikely case
send() would return an EAGAIN error when sending the ticket. send() would return an EAGAIN error when sending the ticket.
* ssl_cache was leaking memory when reusing a timed out entry containing a
client certificate.
= PolarSSL 1.3.4 released on 2014-01-27 = PolarSSL 1.3.4 released on 2014-01-27
Features Features

View file

@ -195,14 +195,6 @@ int ssl_cache_set( void *data, const ssl_session *session )
} }
cur = old; cur = old;
memset( &cur->session, 0, sizeof(ssl_session) );
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( cur->peer_cert.p != NULL )
{
polarssl_free( cur->peer_cert.p );
memset( &cur->peer_cert, 0, sizeof(x509_buf) );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
} }
#else /* POLARSSL_HAVE_TIME */ #else /* POLARSSL_HAVE_TIME */
/* /*
@ -219,16 +211,7 @@ int ssl_cache_set( void *data, const ssl_session *session )
cur = cache->chain; cur = cache->chain;
cache->chain = cur->next; cache->chain = cur->next;
cur->next = NULL;
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( cur->peer_cert.p != NULL )
{
polarssl_free( cur->peer_cert.p );
memset( &cur->peer_cert, 0, sizeof(x509_buf) );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
memset( cur, 0, sizeof(ssl_cache_entry) );
prv->next = cur; prv->next = cur;
} }
#endif /* POLARSSL_HAVE_TIME */ #endif /* POLARSSL_HAVE_TIME */
@ -260,6 +243,15 @@ int ssl_cache_set( void *data, const ssl_session *session )
memcpy( &cur->session, session, sizeof( ssl_session ) ); memcpy( &cur->session, session, sizeof( ssl_session ) );
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* If we're reusing an entry, free its certificate first
*/
if( cur->peer_cert.p != NULL )
{
polarssl_free( cur->peer_cert.p );
memset( &cur->peer_cert, 0, sizeof(x509_buf) );
}
/* /*
* Store peer certificate * Store peer certificate
*/ */