Fix a memory leak in the ClientHello extension parsing

We should be freeing up the raw extension data after we've finished with it. Reviewed-by: N Kurt Roeckx <kurt@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org>

Fix a memory leak in the ClientHello extension parsing
We should be freeing up the raw extension data after we've finished with it. Reviewed-by: N Kurt Roeckx <kurt@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org>
9529419d · Matt Caswell · 4bfe1432 · 9529419d
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

ssl/statem/statem_srvr.c ssl/statem/statem_srvr.c +4 -0

未找到文件。
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -907,6 +907,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
     * structure.
     */

+    memset(&clienthello, 0, sizeof(clienthello));
+
    clienthello.isv2 = RECORD_LAYER_is_sslv2_record(&s->rlayer);

    PACKET_null_init(&cookie);
@@ -1423,6 +1425,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
    }

    sk_SSL_CIPHER_free(ciphers);
+    OPENSSL_free(clienthello.pre_proc_exts);
    return MSG_PROCESS_CONTINUE_PROCESSING;
 f_err:
    ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1430,6 +1433,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
    ossl_statem_set_error(s);

    sk_SSL_CIPHER_free(ciphers);
+    OPENSSL_free(clienthello.pre_proc_exts);
    return MSG_PROCESS_ERROR;

 }