diff options
| author | doug <> | 2015-01-12 02:15:23 +0000 |
|---|---|---|
| committer | doug <> | 2015-01-12 02:15:23 +0000 |
| commit | 96638f9d72621d2898d50d3cdb83ab1ac716b3b6 (patch) | |
| tree | 454a5c49cf61c41fe6e4c8ca7f6d1179d16b8602 /src/lib/libc | |
| parent | 66e4680272b23bffdafba54a4541102687ed6454 (diff) | |
| download | openbsd-96638f9d72621d2898d50d3cdb83ab1ac716b3b6.tar.gz openbsd-96638f9d72621d2898d50d3cdb83ab1ac716b3b6.tar.bz2 openbsd-96638f9d72621d2898d50d3cdb83ab1ac716b3b6.zip | |
Fix a memory leak in bss_dgram.
Free data->saved_message.data. Based on OpenSSL commit:
41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr
to NULL to avoid accidental reuse and handles malloc failing.
ok beck@, input + ok miod@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/bio/bss_dgram.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c index c6b552eb32..ecf12fcb33 100644 --- a/src/lib/libcrypto/bio/bss_dgram.c +++ b/src/lib/libcrypto/bio/bss_dgram.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bss_dgram.c,v 1.38 2015/01/03 18:07:29 doug Exp $ */ | 1 | /* $OpenBSD: bss_dgram.c,v 1.39 2015/01/12 02:15:23 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -826,7 +826,11 @@ dgram_sctp_free(BIO *a) | |||
| 826 | return 0; | 826 | return 0; |
| 827 | 827 | ||
| 828 | data = (bio_dgram_sctp_data *)a->ptr; | 828 | data = (bio_dgram_sctp_data *)a->ptr; |
| 829 | free(data); | 829 | if (data != NULL) { |
| 830 | free(data->saved_message.data); | ||
| 831 | free(data); | ||
| 832 | a->ptr = NULL; | ||
| 833 | } | ||
| 830 | 834 | ||
| 831 | return (1); | 835 | return (1); |
| 832 | } | 836 | } |
| @@ -934,6 +938,7 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 934 | dgram_sctp_write(data->saved_message.bio, data->saved_message.data, | 938 | dgram_sctp_write(data->saved_message.bio, data->saved_message.data, |
| 935 | data->saved_message.length); | 939 | data->saved_message.length); |
| 936 | free(data->saved_message.data); | 940 | free(data->saved_message.data); |
| 941 | data->saved_message.data = NULL; | ||
| 937 | data->saved_message.length = 0; | 942 | data->saved_message.length = 0; |
| 938 | } | 943 | } |
| 939 | 944 | ||
| @@ -1101,9 +1106,14 @@ dgram_sctp_write(BIO *b, const char *in, int inl) | |||
| 1101 | */ | 1106 | */ |
| 1102 | if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { | 1107 | if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { |
| 1103 | data->saved_message.bio = b; | 1108 | data->saved_message.bio = b; |
| 1104 | data->saved_message.length = inl; | 1109 | free(data->saved_message.data); |
| 1105 | data->saved_message.data = malloc(inl); | 1110 | data->saved_message.data = malloc(inl); |
| 1111 | if (data->saved_message.data == NULL) { | ||
| 1112 | data->_errno = ENOMEM; | ||
| 1113 | return -1; | ||
| 1114 | } | ||
| 1106 | memcpy(data->saved_message.data, in, inl); | 1115 | memcpy(data->saved_message.data, in, inl); |
| 1116 | data->saved_message.length = inl; | ||
| 1107 | return inl; | 1117 | return inl; |
| 1108 | } | 1118 | } |
| 1109 | 1119 | ||