mirror of
https://github.com/openssl/openssl.git
synced 2025-02-17 14:32:04 +08:00
Fix memory leak when freeing the DTLS record layer
We need to check whether the sent_messages has actually buffered any messages in it. If not we won't free the old record layer later when we clear out the old buffered messages and a memory leak will result. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
This commit is contained in:
Matt Caswell
Hugo Landau
parent
22094d11a7
commit
20c7febc86
@ -684,7 +684,7 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
|
||||
|
||||
err:
|
||||
if (ret != OSSL_RECORD_RETURN_SUCCESS) {
|
||||
OPENSSL_free(*retrl);
|
||||
dtls_free(*retrl);
|
||||
*retrl = NULL;
|
||||
}
|
||||
return ret;
|
||||
|
||||
@ -1356,11 +1356,14 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
|
||||
|
||||
/*
|
||||
* Free the old record layer if we have one except in the case of DTLS when
|
||||
* writing. In that case the record layer is still referenced by buffered
|
||||
* messages for potential retransmit. Only when those buffered messages get
|
||||
* freed do we free the record layer object (see dtls1_hm_fragment_free)
|
||||
* writing and there are still buffered sent messages in our queue. In that
|
||||
* case the record layer is still referenced by those buffered messages for
|
||||
* potential retransmit. Only when those buffered messages get freed do we
|
||||
* free the record layer object (see dtls1_hm_fragment_free)
|
||||
*/
|
||||
if (!SSL_CONNECTION_IS_DTLS(s) || direction == OSSL_RECORD_DIRECTION_READ) {
|
||||
if (!SSL_CONNECTION_IS_DTLS(s)
|
||||
|| direction == OSSL_RECORD_DIRECTION_READ
|
||||
|| pqueue_peek(s->d1->sent_messages) == NULL) {
|
||||
if (*thismethod != NULL && !(*thismethod)->free(*thisrl)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user