Merge remote-tracking branch 'public/pr/2072' into mbedtls-2.1-proposed

commit: c84f5c937dd316d2dff1e990ea42fe976579e873 [log] [tgz]
author: Simon Butcher <simon.butcher@arm.com> Sun Oct 28 16:58:29 2018 +0000
committer: Simon Butcher <simon.butcher@arm.com> Sun Oct 28 16:58:29 2018 +0000
tree: e9c20cac82e2948e666a314926aa1d44769b6c51
parent: 351c4f15f40e3131b3a5dcfde83a3f465cad3344 [diff]
parent: d6a0ed169f263cce2433cff109e6c6de79ff62dc [diff]
diff --git a/ChangeLog b/ChangeLog
index 6e79644..d127877 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -12,6 +12,10 @@
    * Fix a bug in the record decryption routine ssl_decrypt_buf()
      which lead to accepting properly authenticated but improperly
      padded records in case of CBC ciphersuites using Encrypt-then-MAC.
+   * Fix wrong order of freeing in programs/ssl/ssl_server2 example
+     application leading to a memory leak in case both
+     MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set.
+     Fixes #2069.
 
 Changes
    * "make apidoc" now generates the documentation for the current

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 5e6a705..3951b83 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -2495,6 +2495,8 @@
     mbedtls_ssl_cookie_free( &cookie_ctx );
 #endif
 
+    mbedtls_free( buf );
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #if defined(MBEDTLS_MEMORY_DEBUG)
     mbedtls_memory_buffer_alloc_status();
@@ -2502,7 +2504,6 @@
     mbedtls_memory_buffer_alloc_free();
 #endif
 
-    mbedtls_free( buf );
     mbedtls_printf( " done.\n" );
 
 #if defined(_WIN32)
commit	c84f5c937dd316d2dff1e990ea42fe976579e873	[log] [tgz]
author	Simon Butcher <simon.butcher@arm.com>	Sun Oct 28 16:58:29 2018 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Sun Oct 28 16:58:29 2018 +0000
tree	e9c20cac82e2948e666a314926aa1d44769b6c51
parent	351c4f15f40e3131b3a5dcfde83a3f465cad3344 [diff]
parent	d6a0ed169f263cce2433cff109e6c6de79ff62dc [diff]