Message ID | 1516194984-1540-1-git-send-email-steffan.karger@fox-it.com |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] Plug memory leak if push is interrupted | expand |
ACK. Makes sense. The changes to crypto_mbedtls.c match the documentation for the mbedtls md functions, and the rest is just basic "if you make it, clean it up later on again" :-) - lightly tested ("t_client"), too lazy to come up with a test rig to trigger and truly test this. Your patch has been applied to the master and release/2.4 branch. commit 07036fd3c456ed4ebf1809d8d9f34941d42865d0 (master) commit d04032c3f236cf7c726d6b162686bcb71fda2e15 (release/2.4) Author: Steffan Karger Date: Wed Jan 17 14:16:24 2018 +0100 Plug memory leak if push is interrupted Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1516194984-1540-1-git-send-email-steffan.karger@fox-it.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16265.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 8fa03da..8fc252f 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -804,6 +804,7 @@ md_ctx_init(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *kt) void md_ctx_cleanup(mbedtls_md_context_t *ctx) { + mbedtls_md_free(ctx); } int diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 30beadb..abf8da2 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3384,6 +3384,12 @@ do_close_tls(struct context *c) } c->c2.options_string_local = c->c2.options_string_remote = NULL; #endif + + if (c->c2.pulled_options_state) + { + md_ctx_cleanup(c->c2.pulled_options_state); + md_ctx_free(c->c2.pulled_options_state); + } } /*
If a push is interrupted due to a timeout, c->c2.pulled_options_state is never freed. Fix that by always cleaning up any remaining pulled options state when we close a connection. This changes the mbedtls implementation of md_ctx_cleanup to actually clean up the context, which was not needed earlier. Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> --- src/openvpn/crypto_mbedtls.c | 1 + src/openvpn/init.c | 6 ++++++ 2 files changed, 7 insertions(+)