From: Matt Caswell Date: Tue, 6 Dec 2016 10:49:01 +0000 (+0000) Subject: Fix a leak in SSL_clear() X-Git-Tag: OpenSSL_1_1_0d~83 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=550e1d07a69db5af9129533ba7983594b3ed3fec;p=oweals%2Fopenssl.git Fix a leak in SSL_clear() SSL_clear() was resetting numwpipes to 0, but not freeing any allocated memory for existing write buffers. Fixes #2026 Reviewed-by: Rich Salz (cherry picked from commit 4bf086005fe5ebcda5dc4d48ff701b41ab9b07f0) --- diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 1270a5fa38..da1999b660 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -39,8 +39,6 @@ void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s) void RECORD_LAYER_clear(RECORD_LAYER *rl) { - unsigned int pipes; - rl->rstate = SSL_ST_READ_HEADER; /* @@ -62,9 +60,7 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) rl->wpend_buf = NULL; SSL3_BUFFER_clear(&rl->rbuf); - for (pipes = 0; pipes < rl->numwpipes; pipes++) - SSL3_BUFFER_clear(&rl->wbuf[pipes]); - rl->numwpipes = 0; + ssl3_release_write_buffer(rl->s); rl->numrpipes = 0; SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES); diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 963800238b..b6ed771ca9 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -105,13 +105,17 @@ int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len) wb = RECORD_LAYER_get_wbuf(&s->rlayer); for (currpipe = 0; currpipe < numwpipes; currpipe++) { - if (wb[currpipe].buf == NULL) { - if ((p = OPENSSL_malloc(len)) == NULL) { + SSL3_BUFFER *thiswb = &wb[currpipe]; + + if (thiswb->buf == NULL) { + p = OPENSSL_malloc(len); + if (p == NULL) { s->rlayer.numwpipes = currpipe; goto err; } - wb[currpipe].buf = p; - wb[currpipe].len = len; + memset(thiswb, 0, sizeof(SSL3_BUFFER)); + thiswb->buf = p; + thiswb->len = len; } } diff --git a/test/sslapitest.c b/test/sslapitest.c index 90326d9f9d..01811bf7e6 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -101,8 +101,16 @@ static int execute_test_large_message(const SSL_METHOD *smeth, goto end; } - testresult = 1; + /* + * Calling SSL_clear() first is not required but this tests that SSL_clear() + * doesn't leak (when using enable-crypto-mdebug). + */ + if (!SSL_clear(serverssl)) { + printf("Unexpected failure from SSL_clear()\n"); + goto end; + } + testresult = 1; end: X509_free(chaincert); SSL_free(serverssl);