fix memory leak

[oweals/openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index 5c5168aad45e3ea8419e047c5eabe730d333ca37..1f1f317d419ac2df29be38117bdd03994fbfb21a 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -404,6 +404,7 @@ static void sv_usage(void)
        BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
        BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
        BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
+       BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #endif
        }
 
@@ -771,6 +772,7 @@ int MAIN(int argc, char *argv[])
        int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
        X509 *s_cert = NULL, *s_dcert = NULL;
        EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+       int no_cache = 0;
 #ifndef OPENSSL_NO_TLSEXT
        EVP_PKEY *s_key2 = NULL;
        X509 *s_cert2 = NULL;
@@ -779,13 +781,7 @@ int MAIN(int argc, char *argv[])
         tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
 #endif
 
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
-       meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
-       meth=SSLv2_server_method();
-#endif
 
        local_argc=argc;
        local_argv=argv;
@@ -910,6 +906,8 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
+               else if (strcmp(*argv,"-no_cache") == 0)
+                       no_cache = 1;
                else if (strcmp(*argv,"-crl_check") == 0)
                        {
                        vflags |= X509_V_FLAG_CRL_CHECK;
@@ -920,6 +918,8 @@ int MAIN(int argc, char *argv[])
                        }
                else if (strcmp(*argv,"-serverpref") == 0)
                        { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+               else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+                       off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -1252,8 +1252,10 @@ bad:
        if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
 
        if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-
-       SSL_CTX_sess_set_cache_size(ctx,128);
+       if (no_cache)
+               SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+       else
+               SSL_CTX_sess_set_cache_size(ctx,128);
 
 #if 0
        if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -1320,7 +1322,10 @@ bad:
 
                if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
 
-               SSL_CTX_sess_set_cache_size(ctx2,128);
+               if (no_cache)
+                       SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
+               else
+                       SSL_CTX_sess_set_cache_size(ctx2,128);
 
                if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
                        (!SSL_CTX_set_default_verify_paths(ctx2)))
@@ -1497,6 +1502,10 @@ bad:
        SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
                sizeof s_server_session_id_context);
 
+       /* Set DTLS cookie generation and verification callbacks */
+       SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
+       SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
+
 #ifndef OPENSSL_NO_TLSEXT
        if (ctx2)
                {
@@ -1541,6 +1550,12 @@ end:
        if (dpass)
                OPENSSL_free(dpass);
 #ifndef OPENSSL_NO_TLSEXT
+       if (tlscstatp.host)
+               OPENSSL_free(tlscstatp.host);
+       if (tlscstatp.port)
+               OPENSSL_free(tlscstatp.port);
+       if (tlscstatp.path)
+               OPENSSL_free(tlscstatp.path);
        if (ctx2 != NULL) SSL_CTX_free(ctx2);
        if (s_cert2)
                X509_free(s_cert2);
@@ -1590,9 +1605,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
        unsigned long l;
        SSL *con=NULL;
        BIO *sbio;
-       struct timeval timeout, *timeoutp;
+       struct timeval timeout;
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
        struct timeval tv;
+#else
+       struct timeval *timeoutp;
 #endif
 
        if ((buf=OPENSSL_malloc(bufsize)) == NULL)
@@ -2013,6 +2030,8 @@ static int init_ssl_connection(SSL *con)
                        con->kssl_ctx->client_princ);
                }
 #endif /* OPENSSL_NO_KRB5 */
+       BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+                     SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
        return(1);
        }
 
@@ -2056,12 +2075,14 @@ static int www_body(char *hostname, int s, unsigned char *context)
        {
        char *buf=NULL;
        int ret=1;
-       int i,j,k,blank,dot;
+       int i,j,k,dot;
        struct stat st_buf;
        SSL *con;
        SSL_CIPHER *c;
        BIO *io,*ssl_bio,*sbio;
+#ifdef RENEG
        long total_bytes;
+#endif
 
        buf=OPENSSL_malloc(bufsize);
        if (buf == NULL) return(0);
@@ -2132,7 +2153,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
                SSL_set_msg_callback_arg(con, bio_s_out);
                }
 
-       blank=0;
        for (;;)
                {
                if (hack)
@@ -2369,7 +2389,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
                                         BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
                                 }
                        /* send the file */
+#ifdef RENEG
                        total_bytes=0;
+#endif
                        for (;;)
                                {
                                i=BIO_read(file,buf,bufsize);