Fix memory leak in client/server2

context_buf was never free()d. Moreover, since we want to free it on error paths as well, and even properly zeroize it in order to demonstrate good memory hygiene, we need to make it and its length main()-scoped.
2025-02-02 10:31:02 +00:00 · 2019-07-15 10:31:11 +02:00 · 2019-07-15 10:31:11 +02:00 · c981229b04
parent 322f3c7377
commit c981229b04
2 changed files with 29 additions and 2 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -805,6 +805,10 @@ int main( int argc, char *argv[] )
 #endif
    char *p, *q;
    const int *list;
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+    unsigned char *context_buf = NULL;
+    size_t context_buf_len;
+#endif

    /*
     * Make sure memory references are valid.
@ -2489,7 +2493,6 @@ send_request:
    if( opt.serialize != 0 )
    {
        size_t buf_len;
-        unsigned char *context_buf = NULL;

        mbedtls_printf( "  . Serializing live connection..." );

@ -2509,6 +2512,7 @@ send_request:

            goto exit;
        }
+        context_buf_len = buf_len;

        if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
                                              buf_len, &buf_len ) ) != 0 )
@ -2586,6 +2590,10 @@ send_request:
            goto exit;
        }

+        mbedtls_free( context_buf );
+        context_buf = NULL;
+        context_buf_len = 0;
+
        mbedtls_printf( " ok\n" );
    }
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
@ -2725,6 +2733,11 @@ exit:
    if( session_data != NULL )
        mbedtls_platform_zeroize( session_data, session_data_len );
    mbedtls_free( session_data );
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+    if( context_buf != NULL )
+        mbedtls_platform_zeroize( context_buf, context_buf_len );
+    mbedtls_free( context_buf );
+#endif

 #if defined(_WIN32)
    mbedtls_printf( "  + Press Enter to exit this program.\n" );
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -1442,6 +1442,10 @@ int main( int argc, char *argv[] )
    size_t cid_len = 0;
    size_t cid_renego_len = 0;
 #endif
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+    unsigned char *context_buf = NULL;
+    size_t context_buf_len;
+#endif

    int i;
    char *p, *q;
@ -3505,7 +3509,6 @@ data_exchange:
    if( opt.serialize != 0 )
    {
        size_t buf_len;
-        unsigned char *context_buf = NULL;

        mbedtls_printf( "  . Serializing live connection..." );

@ -3525,6 +3528,7 @@ data_exchange:

            goto exit;
        }
+        context_buf_len = buf_len;

        if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
                                              buf_len, &buf_len ) ) != 0 )
@ -3623,6 +3627,10 @@ data_exchange:
            goto exit;
        }

+        mbedtls_free( context_buf );
+        context_buf = NULL;
+        context_buf_len = 0;
+
        mbedtls_printf( " ok\n" );
    }
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
@ -3715,6 +3723,12 @@ exit:

    mbedtls_free( buf );

+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+    if( context_buf != NULL )
+        mbedtls_platform_zeroize( context_buf, context_buf_len );
+    mbedtls_free( context_buf );
+#endif
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #if defined(MBEDTLS_MEMORY_DEBUG)
    mbedtls_memory_buffer_alloc_status();