From e7c27a6c3716843f8412fd96311b70ac84b785f9 Mon Sep 17 00:00:00 2001 From: NaveenShivanna86 Date: Wed, 21 Aug 2019 11:58:29 +0530 Subject: [PATCH] 'init_buf' memory can be freed when DTLS is used over SCTP (not over UDP). Reviewed-by: Matt Caswell Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9653) --- ssl/statem/statem_lib.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 898c608170..d2f7aab2ad 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1039,14 +1039,25 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) int cleanuphand = s->statem.cleanuphand; if (clearbufs) { - if (!SSL_IS_DTLS(s)) { + if (!SSL_IS_DTLS(s) +#ifndef OPENSSL_NO_SCTP /* - * We don't do this in DTLS because we may still need the init_buf + * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS + * messages that require it. Therefore, DTLS procedures for retransmissions + * MUST NOT be used. + * Hence the init_buf can be cleared when DTLS over SCTP as transport is used. + */ + || BIO_dgram_is_sctp(SSL_get_wbio(s)) +#endif + ) { + /* + * We don't do this in DTLS over UDP because we may still need the init_buf * in case there are any unexpected retransmits */ BUF_MEM_free(s->init_buf); s->init_buf = NULL; } + if (!ssl_free_wbio_buffer(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE, ERR_R_INTERNAL_ERROR); -- 2.25.1