mbedtls: release sessionid resources on error
If mbedtls_ssl_get_session() fails, it may still have allocated memory that needs to be freed to avoid leaking. Call the library API function to release session resources on this error path as well as on Curl_ssl_addsessionid() errors. Closes: #3574 Reported-by: Michał Antoniak <M.Antoniak@posnet.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
parent
188036ca58
commit
0299b262cd
@ -716,6 +716,8 @@ mbed_connect_step3(struct connectdata *conn,
|
|||||||
|
|
||||||
ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
|
ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
|
||||||
if(ret) {
|
if(ret) {
|
||||||
|
if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED)
|
||||||
|
mbedtls_ssl_session_free(our_ssl_sessionid);
|
||||||
free(our_ssl_sessionid);
|
free(our_ssl_sessionid);
|
||||||
failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);
|
failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);
|
||||||
return CURLE_SSL_CONNECT_ERROR;
|
return CURLE_SSL_CONNECT_ERROR;
|
||||||
@ -729,6 +731,7 @@ mbed_connect_step3(struct connectdata *conn,
|
|||||||
retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
|
retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
|
||||||
Curl_ssl_sessionid_unlock(conn);
|
Curl_ssl_sessionid_unlock(conn);
|
||||||
if(retcode) {
|
if(retcode) {
|
||||||
|
mbedtls_ssl_session_free(our_ssl_sessionid);
|
||||||
free(our_ssl_sessionid);
|
free(our_ssl_sessionid);
|
||||||
failf(data, "failed to store ssl session");
|
failf(data, "failed to store ssl session");
|
||||||
return retcode;
|
return retcode;
|
||||||
|
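Review bot: In the first hunk the guard `if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED)` in front of `mbedtls_ssl_session_free(our_ssl_sessionid)` carries no comment, so a reader cannot tell why one error code skips the release that every other failure takes. Presumably the library can leave the destination session partially copied after an allocation failure, making it unsafe to hand to the free routine; if that is the reason, state it above the guard, e.g. `/* after ALLOC_FAILED the copy is incomplete: do not call mbedtls_ssl_session_free() on it */`. On that skipped path the struct goes to plain `free()` without being wiped, so any session secrets already copied into it would stay in heap memory; it is worth confirming against the mbedTLS version in use whether an explicit zeroize is needed there. The second hunk repeats the same `mbedtls_ssl_session_free()` + `free()` pair, and the body of mbed_connect_step3 starts and ends outside both hunks.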