[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Mon Dec 12 13:18:56 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via 550e1d07a69db5af9129533ba7983594b3ed3fec (commit)
from 2ece9c1fc6c5d998dc2abe03f2caf278ec05d9d0 (commit)
- Log -----------------------------------------------------------------
commit 550e1d07a69db5af9129533ba7983594b3ed3fec
Author: Matt Caswell <matt at openssl.org>
Date: Tue Dec 6 10:49:01 2016 +0000
Fix a leak in SSL_clear()
SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.
Fixes #2026
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 4bf086005fe5ebcda5dc4d48ff701b41ab9b07f0)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_s3.c | 6 +-----
ssl/record/ssl3_buffer.c | 12 ++++++++----
test/sslapitest.c | 10 +++++++++-
3 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 1270a5f..da1999b 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -39,8 +39,6 @@ void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s)
void RECORD_LAYER_clear(RECORD_LAYER *rl)
{
- unsigned int pipes;
-
rl->rstate = SSL_ST_READ_HEADER;
/*
@@ -62,9 +60,7 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
rl->wpend_buf = NULL;
SSL3_BUFFER_clear(&rl->rbuf);
- for (pipes = 0; pipes < rl->numwpipes; pipes++)
- SSL3_BUFFER_clear(&rl->wbuf[pipes]);
- rl->numwpipes = 0;
+ ssl3_release_write_buffer(rl->s);
rl->numrpipes = 0;
SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 9638002..b6ed771 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -105,13 +105,17 @@ int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len)
wb = RECORD_LAYER_get_wbuf(&s->rlayer);
for (currpipe = 0; currpipe < numwpipes; currpipe++) {
- if (wb[currpipe].buf == NULL) {
- if ((p = OPENSSL_malloc(len)) == NULL) {
+ SSL3_BUFFER *thiswb = &wb[currpipe];
+
+ if (thiswb->buf == NULL) {
+ p = OPENSSL_malloc(len);
+ if (p == NULL) {
s->rlayer.numwpipes = currpipe;
goto err;
}
- wb[currpipe].buf = p;
- wb[currpipe].len = len;
+ memset(thiswb, 0, sizeof(SSL3_BUFFER));
+ thiswb->buf = p;
+ thiswb->len = len;
}
}
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 90326d9..01811bf 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -101,8 +101,16 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
goto end;
}
- testresult = 1;
+ /*
+ * Calling SSL_clear() first is not required but this tests that SSL_clear()
+ * doesn't leak (when using enable-crypto-mdebug).
+ */
+ if (!SSL_clear(serverssl)) {
+ printf("Unexpected failure from SSL_clear()\n");
+ goto end;
+ }
+ testresult = 1;
end:
X509_free(chaincert);
SSL_free(serverssl);
More information about the openssl-commits
mailing list