Merge remote-tracking branch 'public/pr/2071' into mbedtls-2.7-proposed

commit: 50f03ce4fb1237733a9f97d146e69a09d7fcbcdc [log] [tgz]
author: Simon Butcher <simon.butcher@arm.com> Sun Oct 28 16:55:12 2018 +0000
committer: Simon Butcher <simon.butcher@arm.com> Sun Oct 28 16:55:12 2018 +0000
tree: fceb2a7a6194233d075d67cb6763f70b5f23dba6
parent: 1222dddbd085e9584b8b84e04565b1864b654b90 [diff]
parent: 591cdb0daa21e26e512b7affc670772736836197 [diff]
diff --git a/ChangeLog b/ChangeLog
index aecf4a5..6bbd3f6 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -10,6 +10,10 @@
    * Fix a bug in the record decryption routine ssl_decrypt_buf()
      which lead to accepting properly authenticated but improperly
      padded records in case of CBC ciphersuites using Encrypt-then-MAC.
+   * Fix wrong order of freeing in programs/ssl/ssl_server2 example
+     application leading to a memory leak in case both
+     MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set.
+     Fixes #2069.
 
 Changes
    * Add tests for session resumption in DTLS.

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a770f1b..df1fa18 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -2538,6 +2538,8 @@
     mbedtls_ssl_cookie_free( &cookie_ctx );
 #endif
 
+    mbedtls_free( buf );
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #if defined(MBEDTLS_MEMORY_DEBUG)
     mbedtls_memory_buffer_alloc_status();
@@ -2545,7 +2547,6 @@
     mbedtls_memory_buffer_alloc_free();
 #endif
 
-    mbedtls_free( buf );
     mbedtls_printf( " done.\n" );
 
 #if defined(_WIN32)
commit	50f03ce4fb1237733a9f97d146e69a09d7fcbcdc	[log] [tgz]
author	Simon Butcher <simon.butcher@arm.com>	Sun Oct 28 16:55:12 2018 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Sun Oct 28 16:55:12 2018 +0000
tree	fceb2a7a6194233d075d67cb6763f70b5f23dba6
parent	1222dddbd085e9584b8b84e04565b1864b654b90 [diff]
parent	591cdb0daa21e26e512b7affc670772736836197 [diff]