commit 61d113bb7b976d543569b2627fc1906652309067
author Paul Bakker <p.j.bakker@polarssl.org> Thu Jul 04 11:51:43 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Jul 16 17:48:58 2013 +0200
tree 28f489e268042066c502b4bf810a9012e208f76b
parent 8647eecf9026a0e2cf75d00286362a16eed73fda

Init and free new contexts in the right place for SSL to prevent
memory leaks

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 6496b84..66ebcef 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -824,8 +824,6 @@
      *     ECPoint      public;
      * } ServerECDHParams;
      */
-    ecdh_init( &ssl->handshake->ecdh_ctx );
-
     if( ( ret = ecdh_read_params( &ssl->handshake->ecdh_ctx,
                                   (const unsigned char **) p, end ) ) != 0 )
     {

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 451d445..c6a8273 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1304,7 +1304,6 @@
          *     ECPoint      public;
          * } ServerECDHParams;
          */
-        ecdh_init( &ssl->handshake->ecdh_ctx );
         if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp,
                                        ssl->handshake->ec_curve ) ) != 0 )
         {
@@ -1423,6 +1422,13 @@
             md_update( &ctx, ssl->handshake->randbytes, 64 );
             md_update( &ctx, dig_sig, dig_sig_len );
             md_finish( &ctx, hash );
+
+            if( ( ret = md_free_ctx( &ctx ) ) != 0 )
+            {
+                SSL_DEBUG_RET( 1, "md_free_ctx", ret );
+                return( ret );
+            }
+
         }
 
         SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cea90eb..dfeed33 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -318,6 +318,7 @@
     unsigned int iv_copy_len;
     const cipher_info_t *cipher_info;
     const md_info_t *md_info;
+    int ret;
 
     ssl_session *session = ssl->session_negotiate;
     ssl_transform *transform = ssl->transform_negotiate;
@@ -444,8 +445,17 @@
     {
         if( md_info->type != POLARSSL_MD_NONE )
         {
-            md_init_ctx( &transform->md_ctx_enc, md_info );
-            md_init_ctx( &transform->md_ctx_dec, md_info );
+            if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 )
+            {
+                SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+                return( ret );
+            }
+
+            if( ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
+            {
+                SSL_DEBUG_RET( 1, "md_init_ctx", ret );
+                return( ret );
+            }
 
             transform->maclen = md_get_size( md_info );
         }
@@ -2743,6 +2753,10 @@
     ssl->handshake->update_checksum = ssl_update_checksum_start;
     ssl->handshake->sig_alg = SSL_HASH_SHA1;
 
+#if defined(POLARSSL_ECDH_C)
+    ecdh_init( &ssl->handshake->ecdh_ctx );
+#endif
+
     return( 0 );
 }
 
@@ -3436,6 +3450,9 @@
     inflateEnd( &transform->ctx_inflate );
 #endif
 
+    md_free_ctx( &transform->md_ctx_enc );
+    md_free_ctx( &transform->md_ctx_dec );
+
     memset( transform, 0, sizeof( ssl_transform ) );
 }
 
@@ -3444,6 +3461,10 @@
 #if defined(POLARSSL_DHM_C)
     dhm_free( &handshake->dhm_ctx );
 #endif
+#if defined(POLARSSL_ECDH_C)
+    ecdh_free( &handshake->ecdh_ctx );
+#endif
+
     memset( handshake, 0, sizeof( ssl_handshake_params ) );
 }