From e1b1d82aab47c6aab1e3acc36aa0db85a3a980be Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 25 Nov 2014 13:36:00 +0000
Subject: Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask PR#3608
Reviewed-by: Tim Hudson
(cherry picked from commit 8a35dbb6d89a16d792b79b157b3e89443639ec94)
---
 ssl/d1_both.c | 3 +--
 ssl/d1_lib.c | 6 ++----
 ssl/ssl_locl.h | 1 +
 3 files changed, 4 insertions(+), 6 deletions(-)
(limited to 'ssl')
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 6111047196..97762b9cfd 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -211,8 +211,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 return frag;
 }
-static void
-dtls1_hm_fragment_free(hm_fragment *frag)
+void dtls1_hm_fragment_free(hm_fragment *frag)
 {
 if (frag->msg_header.is_ccs)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 83db13e571..9f8b33b193 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -160,16 +160,14 @@ static void dtls1_clear_queues(SSL *s)
 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
 {
 frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ dtls1_hm_fragment_free(frag);
 pitem_free(item);
 }
 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
 {
 frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ dtls1_hm_fragment_free(frag);
 pitem_free(item);
 }
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 2a80b8aff6..cdf9385692 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -964,6 +964,7 @@ int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
 int dtls1_send_newsession_ticket(SSL *s);
 unsigned int dtls1_min_mtu(void);
+void dtls1_hm_fragment_free(hm_fragment *frag);
 /* some client-only functions */
 int ssl3_client_hello(SSL *s);
-- 
cgit v1.2.3
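Review bot: dtls1_hm_fragment_free now has external linkage in ssl/d1_both.c but still dereferences its argument unconditionally at `if (frag->msg_header.is_ccs)`, so a NULL passed by any new caller would crash instead of being ignored. Consider opening the body with `if (frag == NULL) return;`, or state the requirement above the definition with `/* Frees frag and the buffers it owns; frag must not be NULL. */`. The function body continues past the end of this hunk, so the rest of the cleanup is not visible here.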
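Review bot: Both loops in dtls1_clear_queues now run the helper's `is_ccs` branch, which the removed `OPENSSL_free(frag->fragment); OPENSSL_free(frag);` pair never did, so teardown of `buffered_messages` and `sent_messages` entries may release more than before. The body of that branch is not visible in this diff. It is worth confirming that whatever it frees is owned only by the fragment and is not released again when the SSL object's own state is torn down, since that would be a double free. A comment above each loop such as `/* use the helper so the reassembly bitmask is freed too */` would record why direct frees must not be reintroduced. dtls1_clear_queues starts and ends outside the hunk.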