[Openvpn-devel] Plug memory leak if push is interrupted

Message ID 1516194984-1540-1-git-send-email-steffan.karger@fox-it.com
State Accepted
Headers show
Series [Openvpn-devel] Plug memory leak if push is interrupted | expand

Commit Message

Steffan Karger Jan. 17, 2018, 2:16 a.m. UTC
If a push is interrupted due to a timeout, c->c2.pulled_options_state is
never freed.  Fix that by always cleaning up any remaining pulled
options state when we close a connection.

This changes the mbedtls implementation of md_ctx_cleanup to actually
clean up the context, which was not needed earlier.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
 src/openvpn/crypto_mbedtls.c | 1 +
 src/openvpn/init.c           | 6 ++++++
 2 files changed, 7 insertions(+)


Gert Doering Jan. 25, 2018, 2:29 a.m. UTC | #1
ACK.  Makes sense.

The changes to crypto_mbedtls.c match the documentation for the mbedtls
md functions, and the rest is just basic "if you make it, clean it up 
later on again" :-) - lightly tested ("t_client"), too lazy to come up
with a test rig to trigger and truly test this.

Your patch has been applied to the master and release/2.4 branch.

commit 07036fd3c456ed4ebf1809d8d9f34941d42865d0 (master)
commit d04032c3f236cf7c726d6b162686bcb71fda2e15 (release/2.4)
Author: Steffan Karger
Date:   Wed Jan 17 14:16:24 2018 +0100

     Plug memory leak if push is interrupted

     Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <1516194984-1540-1-git-send-email-steffan.karger@fox-it.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16265.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>

kind regards,

Gert Doering

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 8fa03da..8fc252f 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -804,6 +804,7 @@  md_ctx_init(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *kt)
 md_ctx_cleanup(mbedtls_md_context_t *ctx)
+    mbedtls_md_free(ctx);
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 30beadb..abf8da2 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -3384,6 +3384,12 @@  do_close_tls(struct context *c)
     c->c2.options_string_local = c->c2.options_string_remote = NULL;
+    if (c->c2.pulled_options_state)
+    {
+        md_ctx_cleanup(c->c2.pulled_options_state);
+        md_ctx_free(c->c2.pulled_options_state);
+    }