Merge pull request #4761 from mpg/fix-memleak-in-ssl-test-2.x

[backport 2.x] Fix memory leak on failure path in test code
2024-12-26 00:25:35 +00:00 · 2021-07-08 12:34:30 +02:00 · 2021-07-08 12:34:30 +02:00 · dcb3479701
parent 008cd0c4d8 87e8b5ccaa
commit dcb3479701
1 changed files with 13 additions and 12 deletions
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@ -163,7 +163,7 @@ int dtls_srtp_key_derivation( void *p_expkey,
 int ssl_check_record( mbedtls_ssl_context const *ssl,
                      unsigned char const *buf, size_t len )
 {
-    int ret;
+    int my_ret = 0, ret_cr1, ret_cr2;
    unsigned char *tmp_buf;

    /* Record checking may modify the input buffer,
@ -173,22 +173,21 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
    memcpy( tmp_buf, buf, len );

-    ret = mbedtls_ssl_check_record( ssl, tmp_buf, len );
-    if( ret != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
+    ret_cr1 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
+    if( ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
    {
-        int ret_repeated;
-
        /* Test-only: Make sure that mbedtls_ssl_check_record()
         *            doesn't alter state. */
        memcpy( tmp_buf, buf, len ); /* Restore buffer */
-        ret_repeated = mbedtls_ssl_check_record( ssl, tmp_buf, len );
-        if( ret != ret_repeated )
+        ret_cr2 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
+        if( ret_cr2 != ret_cr1 )
        {
            mbedtls_printf( "mbedtls_ssl_check_record() returned inconsistent results.\n" );
-            return( -1 );
+            my_ret = -1;
+            goto cleanup;
        }

-        switch( ret )
+        switch( ret_cr1 )
        {
            case 0:
                break;
@ -209,16 +208,18 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
                break;

            default:
-                mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret );
-                return( -1 );
+                mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret_cr1 );
+                my_ret = -1;
+                goto cleanup;
        }

        /* Regardless of the outcome, forward the record to the stack. */
    }

+cleanup:
    mbedtls_free( tmp_buf );

-    return( 0 );
+    return( my_ret );
 }
 #endif /* MBEDTLS_SSL_RECORD_CHECKING */