[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Mon Jan 30 23:04:50 UTC 2017


The branch master has been updated
       via  33d9341702813c0372bdb84e77a49c33142e3136 (commit)
       via  c8ab3a46530029739272e14acbfc91a5feb291a7 (commit)
      from  787ebcafcd82daf5809ef308f8b6d6bbec17b354 (commit)


- Log -----------------------------------------------------------------
commit 33d9341702813c0372bdb84e77a49c33142e3136
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 30 19:37:17 2017 +0000

    Free up the memory for the NewSessionTicket extensions
    
    Reviewed-by: Kurt Roeckx <kurt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2326)

commit c8ab3a46530029739272e14acbfc91a5feb291a7
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 30 19:36:51 2017 +0000

    Make sure we free and cleanse the pms value in all code paths
    
    Otherwise we get a memory leak.
    
    Reviewed-by: Kurt Roeckx <kurt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2326)

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_lib.c             | 4 +---
 ssl/statem/statem_clnt.c | 2 ++
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c4d4352..936a301 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4118,10 +4118,8 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
 
             rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
         } else {
-            /* Generate master secret and discard premaster */
-            rv = ssl_generate_master_secret(s, pms, pmslen, 1);
+            rv = ssl_generate_master_secret(s, pms, pmslen, 0);
         }
-        pms = NULL;
     } else {
         /* Save premaster secret */
         s->s3->tmp.pms = pms;
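Review bot: Cleansing of the premaster secret in the non-gensecret-save branch now depends entirely on cleanup code outside this hunk, since the last argument became `0` and `pms = NULL;` was dropped. The commit message promises "free and cleanse", so that shared exit should presumably be a zeroising free such as `OPENSSL_clear_free(pms, pmslen)` rather than a plain `OPENSSL_free(pms)`; this is worth confirming because it is not visible here. The deleted comment was the only hint about ownership, so I would put one back on the call: `/* pms stays owned by ssl_derive; it is cleansed and freed at the function's exit */`. The "Save premaster secret" branch hands the pointer to `s->s3->tmp.pms`, so it must still reset the local `pms` afterwards (also outside the hunk), or the shared cleanup would free a buffer the connection still references.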
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index d5d933c..6bd7481 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2323,6 +2323,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
 
     /* This is a standalone message in TLSv1.3, so there is no more to read */
     if (SSL_IS_TLS13(s)) {
+        OPENSSL_free(exts);
         ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
         return MSG_PROCESS_FINISHED_READING;
     }
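Review bot: `exts` is now freed by hand at two separate exits (the TLSv1.3 return here and the `err:` label in the next hunk), so any other return from tls_process_new_session_ticket is left uncovered. The lines between the two hunks are not shown; if a non-TLSv1.3 success return sits there, it is presumably safe only while `exts` is still NULL on that path. Since `OPENSSL_free(NULL)` is a no-op, either route every exit through one cleanup label or state the invariant at the declaration, e.g. `/* exts is only allocated for TLSv1.3; every exit after it is collected must OPENSSL_free() it */`. The function's declarations and the extension-collection code are outside both hunks.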
@@ -2332,6 +2333,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
     ssl3_send_alert(s, SSL3_AL_FATAL, al);
  err:
     ossl_statem_set_error(s);
+    OPENSSL_free(exts);
     return MSG_PROCESS_ERROR;
 }
 

