Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask

PR#3608 Reviewed-by: N Tim Hudson <tjh@openssl.org>

Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask
PR#3608 Reviewed-by: N Tim Hudson <tjh@openssl.org>
8a35dbb6 · Matt Caswell · 3a076588 · 8a35dbb6 · 8a35dbb6 · 8a35dbb6
隐藏空白更改
内联并排

Showing with 4 addition and 6 deletion

ssl/d1_both.c ssl/d1_both.c +1 -2

ssl/d1_lib.c ssl/d1_lib.c +2 -4

ssl/ssl_locl.h ssl/ssl_locl.h +1 -0

未找到文件。
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -211,8 +211,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 	return frag;
 	}

-static void
-dtls1_hm_fragment_free(hm_fragment *frag)
+void dtls1_hm_fragment_free(hm_fragment *frag)
 	{

 	if (frag->msg_header.is_ccs)

--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -187,16 +187,14 @@ static void dtls1_clear_queues(SSL *s)
    while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
        {
        frag = (hm_fragment *)item->data;
-        OPENSSL_free(frag->fragment);
-        OPENSSL_free(frag);
+        dtls1_hm_fragment_free(frag);
        pitem_free(item);
        }

    while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
        {
        frag = (hm_fragment *)item->data;
-        OPENSSL_free(frag->fragment);
-        OPENSSL_free(frag);
+        dtls1_hm_fragment_free(frag);
        pitem_free(item);
        }


--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1219,6 +1219,7 @@ int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
 int dtls1_send_newsession_ticket(SSL *s);
 unsigned int dtls1_min_mtu(void);
+void dtls1_hm_fragment_free(hm_fragment *frag);

 /* some client-only functions */
 int ssl3_client_hello(SSL *s);