generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mbedtls: fix memory leak when destroying SSL connection data

Browse Source 
Closes #626
This commit is contained in:
Rafael Antonio
2016-02-01 23:13:10 +01:00
committed by Daniel Stenberg
parent 716302c2cd
commit c62d7944cf
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/vtls/mbedtls.c
View File

@@ -211,7 +211,7 @@ mbedtls_connect_step1(struct connectdata *conn,
#endif /* THREADING_SUPPORT */ #endif /* THREADING_SUPPORT */
/* Load the trusted CA */ /* Load the trusted CA */
memset(&connssl->cacert, 0, sizeof(mbedtls_x509_crt)); mbedtls_x509_crt_init(&connssl->cacert);
if(data->set.str[STRING_SSL_CAFILE]) { if(data->set.str[STRING_SSL_CAFILE]) {
ret = mbedtls_x509_crt_parse_file(&connssl->cacert, ret = mbedtls_x509_crt_parse_file(&connssl->cacert,
@@ -246,7 +246,7 @@ mbedtls_connect_step1(struct connectdata *conn,
} }
/* Load the client certificate */ /* Load the client certificate */
memset(&connssl->clicert, 0, sizeof(mbedtls_x509_crt)); mbedtls_x509_crt_init(&connssl->clicert);
if(data->set.str[STRING_CERT]) { if(data->set.str[STRING_CERT]) {
ret = mbedtls_x509_crt_parse_file(&connssl->clicert, ret = mbedtls_x509_crt_parse_file(&connssl->clicert,
@@ -264,8 +264,9 @@ mbedtls_connect_step1(struct connectdata *conn,
} }
/* Load the client private key */ /* Load the client private key */
mbedtls_pk_init(&connssl->pk);
if(data->set.str[STRING_KEY]) { if(data->set.str[STRING_KEY]) {
mbedtls_pk_init(&connssl->pk);
ret = mbedtls_pk_parse_keyfile(&connssl->pk, data->set.str[STRING_KEY], ret = mbedtls_pk_parse_keyfile(&connssl->pk, data->set.str[STRING_KEY],
data->set.str[STRING_KEY_PASSWD]); data->set.str[STRING_KEY_PASSWD]);
if(ret == 0 && !mbedtls_pk_can_do(&connssl->pk, MBEDTLS_PK_RSA)) if(ret == 0 && !mbedtls_pk_can_do(&connssl->pk, MBEDTLS_PK_RSA))
@@ -283,7 +284,7 @@ mbedtls_connect_step1(struct connectdata *conn,
} }
/* Load the CRL */ /* Load the CRL */
memset(&connssl->crl, 0, sizeof(mbedtls_x509_crl)); mbedtls_x509_crl_init(&connssl->crl);
if(data->set.str[STRING_SSL_CRLFILE]) { if(data->set.str[STRING_SSL_CRLFILE]) {
ret = mbedtls_x509_crl_parse_file(&connssl->crl, ret = mbedtls_x509_crl_parse_file(&connssl->crl,
@@ -647,11 +648,16 @@ void Curl_mbedtls_close_all(struct SessionHandle *data)
void Curl_mbedtls_close(struct connectdata *conn, int sockindex) void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
{ {
/* mbedtls_rsa_free(&conn->ssl[sockindex].rsa); */ mbedtls_pk_free(&conn->ssl[sockindex].pk);
mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert); mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert);
mbedtls_x509_crt_free(&conn->ssl[sockindex].cacert); mbedtls_x509_crt_free(&conn->ssl[sockindex].cacert);
mbedtls_x509_crl_free(&conn->ssl[sockindex].crl); mbedtls_x509_crl_free(&conn->ssl[sockindex].crl);
mbedtls_ssl_config_free(&conn->ssl[sockindex].config);
mbedtls_ssl_free(&conn->ssl[sockindex].ssl); mbedtls_ssl_free(&conn->ssl[sockindex].ssl);
mbedtls_ctr_drbg_free(&conn->ssl[sockindex].ctr_drbg);
#ifndef THREADING_SUPPORT
mbedtls_entropy_free(&conn->ssl[sockindex].entropy);
#endif /* THREADING_SUPPORT */
} }
static ssize_t mbedtls_recv(struct connectdata *conn, static ssize_t mbedtls_recv(struct connectdata *conn,