From 5068512c1d5a02141d634c09f52dc97a6096a032 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 26 Sep 2020 14:43:17 +0000
Subject: Call dtls1_hm_fragment_free() from dtls1_drain_fragments()

Currently dtls1_drain_fragments() has a incomplete handrolled version of dtls1_hm_fragment_free(), which has the potential to leak memory. Replace the handrolled free with a call to dtls1_hm_fragment_free().

ok inoguchi@ tb@
---
 src/lib/libssl/d1_both.c | 6 +++---
 src/lib/libssl/d1_lib.c | 9 ++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 6541a395a7..3d2516ce41 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.59 2020/09/26 08:58:00 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.60 2020/09/26 14:43:17 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -166,7 +166,7 @@ static int dtls1_write_message_header(const struct hm_header_st *msg_hdr,
 static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
 int *ok);
-static void dtls1_hm_fragment_free(hm_fragment *frag);
+void dtls1_hm_fragment_free(hm_fragment *frag);
 static hm_fragment *
 dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
@@ -195,7 +195,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 return NULL;
 }
-static void
+void
 dtls1_hm_fragment_free(hm_fragment *frag)
 {
 if (frag == NULL)
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index b2f05452c8..b7d23ef4ca 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.49 2020/09/26 09:01:05 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.50 2020/09/26 14:43:17 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
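Review bot: Dropping `static` in the `@@ -166,7 +166,7 @@` and `@@ -195,7 +195,7 @@` hunks of d1_both.c gives `dtls1_hm_fragment_free()` external linkage, but its only declarations are hand-copied prototypes in two .c files (here and in the `@@ -70,6 +70,8 @@` hunk of d1_lib.c). Nothing ties the copy in d1_lib.c to the definition, so a later signature change would still compile there and only misbehave at run time, in the routine that releases DTLS handshake fragments. Declare it once in a shared internal header and drop both local prototypes; d1_lib.c already includes `ssl_locl.h`, which looks like the natural home, though whether d1_both.c includes it is not visible in these hunks. The function body continues past the end of the `@@ -195,7 +195,7 @@` hunk.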
@@ -70,6 +70,8 @@
 #include "pqueue.h"
 #include "ssl_locl.h"
+void dtls1_hm_fragment_free(hm_fragment *frag);
+
 static int dtls1_listen(SSL *s, struct sockaddr *client);
 SSL3_ENC_METHOD DTLSv1_enc_data = {
@@ -130,15 +132,12 @@ static void
 dtls1_drain_fragments(pqueue queue)
 {
 pitem *item;
- hm_fragment *frag;
 if (queue == NULL)
 return;
 while ((item = pqueue_pop(queue)) != NULL) {
- frag = (hm_fragment *)item->data;
- free(frag->fragment);
- free(frag);
+ dtls1_hm_fragment_free(item->data);
 pitem_free(item);
 }
 }
-- cgit v1.2.3-55-g6feb
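Review bot: In the `@@ -130,15 +132,12 @@` hunk, `dtls1_drain_fragments()` now passes `item->data` to `dtls1_hm_fragment_free()` with no cast or comment, so nothing at the call site records that the queue may only hold `hm_fragment` items. Per the commit message the helper releases more than the old `frag->fragment` / `frag` pair, so a queue carrying any other item type would have more fields misread and freed than before; which queues reach this function is not visible in the hunk. I would state the contract above the function, e.g. `/* Queue must contain only hm_fragment items; each is released with dtls1_hm_fragment_free(). */`.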