From c981229b04cdb149af95147fa54d5c747281e78d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 15 Jul 2019 10:31:11 +0200
Subject: [PATCH] Fix memory leak in client/server2

context_buf was never free()d. Moreover, since we want to free it on error paths as well, and even properly zeroize it in order to demonstrate good memory hygiene, we need to make it and its length main()-scoped.
---
 programs/ssl/ssl_client2.c | 15 ++++++++++++++-
 programs/ssl/ssl_server2.c | 16 +++++++++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 41cd4e4c0..55277b12d 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -805,6 +805,10 @@ int main( int argc, char *argv[] )
 #endif
 char *p, *q;
 const int *list;
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ unsigned char *context_buf = NULL;
+ size_t context_buf_len;
+#endif
 /*
 * Make sure memory references are valid.
@@ -2489,7 +2493,6 @@ send_request:
 if( opt.serialize != 0 )
 {
 size_t buf_len;
- unsigned char *context_buf = NULL;
 mbedtls_printf( " . Serializing live connection..." );
@@ -2509,6 +2512,7 @@ send_request:
 goto exit;
 }
+ context_buf_len = buf_len;
 if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, buf_len, &buf_len ) ) != 0 )
@@ -2586,6 +2590,10 @@ send_request:
 goto exit;
 }
+ mbedtls_free( context_buf );
+ context_buf = NULL;
+ context_buf_len = 0;
+
 mbedtls_printf( " ok\n" );
 }
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
@@ -2725,6 +2733,11 @@ exit:
 if( session_data != NULL )
 mbedtls_platform_zeroize( session_data, session_data_len );
 mbedtls_free( session_data );
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if( context_buf != NULL )
+ mbedtls_platform_zeroize( context_buf, context_buf_len );
+ mbedtls_free( context_buf );
+#endif
 #if defined(_WIN32)
 mbedtls_printf( " + Press Enter to exit this program.\n" );
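Review bot: `size_t context_buf_len;` in the `@@ -805,6 +805,10 @@` hunk is left uninitialized, while `context_buf` beside it is set to NULL. The read at `exit:` is guarded by `context_buf != NULL`, and the length is assigned in the `@@ -2509,6 +2512,7 @@` hunk, apparently right after the allocation-failure branch, so the visible paths look safe. That safety depends on no `goto exit` ever being added between the allocation and the assignment. Declaring it as `size_t context_buf_len = 0;` removes that dependency and avoids maybe-uninitialized warnings; the same declaration is in the `@@ -1442,6 +1442,10 @@` hunk of programs/ssl/ssl_server2.c. main() starts and ends outside this hunk.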
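Review bot: The success-path cleanup in the `@@ -2586,6 +2590,10 @@` hunk frees `context_buf` without wiping it, whereas the `exit:` hunk zeroizes the same buffer before freeing. The buffer holds the output of `mbedtls_ssl_context_save()`, which presumably contains live session key material, so the normal path leaves that data in freed heap memory. Add `mbedtls_platform_zeroize( context_buf, context_buf_len );` immediately before `mbedtls_free( context_buf );`. The same applies to the `@@ -3623,6 +3627,10 @@` hunk in programs/ssl/ssl_server2.c. The enclosing `if( opt.serialize != 0 )` block starts outside this hunk.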
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index dbabc7a34..bf209e8b1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1442,6 +1442,10 @@ int main( int argc, char *argv[] )
 size_t cid_len = 0;
 size_t cid_renego_len = 0;
 #endif
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ unsigned char *context_buf = NULL;
+ size_t context_buf_len;
+#endif
 int i;
 char *p, *q;
@@ -3505,7 +3509,6 @@ data_exchange:
 if( opt.serialize != 0 )
 {
 size_t buf_len;
- unsigned char *context_buf = NULL;
 mbedtls_printf( " . Serializing live connection..." );
@@ -3525,6 +3528,7 @@ data_exchange:
 goto exit;
 }
+ context_buf_len = buf_len;
 if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, buf_len, &buf_len ) ) != 0 )
@@ -3623,6 +3627,10 @@ data_exchange:
 goto exit;
 }
+ mbedtls_free( context_buf );
+ context_buf = NULL;
+ context_buf_len = 0;
+
 mbedtls_printf( " ok\n" );
 }
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
@@ -3715,6 +3723,12 @@ exit:
 mbedtls_free( buf );
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if( context_buf != NULL )
+ mbedtls_platform_zeroize( context_buf, context_buf_len );
+ mbedtls_free( context_buf );
+#endif
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #if defined(MBEDTLS_MEMORY_DEBUG)
 mbedtls_memory_buffer_alloc_status();