Init and free new contexts in the right place for SSL to prevent

memory leaks
2013-07-04 11:51:43 +02:00 · 2013-07-04 11:51:43 +02:00 · 61d113bb7b
commit 61d113bb7b
parent 8647eecf90
3 changed files with 30 additions and 5 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -824,8 +824,6 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl,
     *     ECPoint      public;
     * } ServerECDHParams;
     */
-    ecdh_init( &ssl->handshake->ecdh_ctx );
-
    if( ( ret = ecdh_read_params( &ssl->handshake->ecdh_ctx,
                                  (const unsigned char **) p, end ) ) != 0 )
    {
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -1304,7 +1304,6 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
         *     ECPoint      public;
         * } ServerECDHParams;
         */
-        ecdh_init( &ssl->handshake->ecdh_ctx );
        if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp,
                                       ssl->handshake->ec_curve ) ) != 0 )
        {
@ -1423,6 +1422,13 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
            md_update( &ctx, ssl->handshake->randbytes, 64 );
            md_update( &ctx, dig_sig, dig_sig_len );
            md_finish( &ctx, hash );
+
+            if( ( ret = md_free_ctx( &ctx ) ) != 0 )
+            {
+                SSL_DEBUG_RET( 1, "md_free_ctx", ret );
+                return( ret );
+            }
+
        }

        SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -318,6 +318,7 @@ int ssl_derive_keys( ssl_context *ssl )
    unsigned int iv_copy_len;
    const cipher_info_t *cipher_info;
    const md_info_t *md_info;
+    int ret;

    ssl_session *session = ssl->session_negotiate;
    ssl_transform *transform = ssl->transform_negotiate;
@ -444,8 +445,17 @@ int ssl_derive_keys( ssl_context *ssl )
    {
        if( md_info->type != POLARSSL_MD_NONE )
        {
-            md_init_ctx( &transform->md_ctx_enc, md_info );
-            md_init_ctx( &transform->md_ctx_dec, md_info );
+            if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 )
+            {
+                SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+                return( ret );
+            }
+
+            if( ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
+            {
+                SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+                return( ret );
+            }

            transform->maclen = md_get_size( md_info );
        }
@ -2743,6 +2753,10 @@ static int ssl_handshake_init( ssl_context *ssl )
    ssl->handshake->update_checksum = ssl_update_checksum_start;
    ssl->handshake->sig_alg = SSL_HASH_SHA1;

+#if defined(POLARSSL_ECDH_C)
+    ecdh_init( &ssl->handshake->ecdh_ctx );
+#endif
+
    return( 0 );
 }

@ -3436,6 +3450,9 @@ void ssl_transform_free( ssl_transform *transform )
    inflateEnd( &transform->ctx_inflate );
 #endif

+    md_free_ctx( &transform->md_ctx_enc );
+    md_free_ctx( &transform->md_ctx_dec );
+
    memset( transform, 0, sizeof( ssl_transform ) );
 }

@ -3444,6 +3461,10 @@ void ssl_handshake_free( ssl_handshake_params *handshake )
 #if defined(POLARSSL_DHM_C)
    dhm_free( &handshake->dhm_ctx );
 #endif
+#if defined(POLARSSL_ECDH_C)
+    ecdh_free( &handshake->ecdh_ctx );
+#endif
+
    memset( handshake, 0, sizeof( ssl_handshake_params ) );
 }