1. openvpn
  2. Commit 07036fd3c456ed4ebf1809d8d9f34941d42865d0
Browse code

Plug memory leak if push is interrupted

If a push is interrupted due to a timeout, c->c2.pulled_options_state is
never freed. Fix that by always cleaning up any remaining pulled
options state when we close a connection.

This changes the mbedtls implementation of md_ctx_cleanup to actually
clean up the context, which was not needed earlier.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1516194984-1540-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16265.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Steffan Karger authored on 2018/01/17 22:16:24
Showing 2 changed files
src/openvpn/crypto_mbedtls.c
History View file @ 07036fd
... ... 
@@ -804,6 +804,7 @@ md_ctx_init(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *kt)
804 804 
 void
805 805 
 md_ctx_cleanup(mbedtls_md_context_t *ctx)
806 806 
 {
807 
+    mbedtls_md_free(ctx);
807 808 
 }
808 809
809 810 
 int
src/openvpn/init.c
History View file @ 07036fd
... ... 
@@ -3384,6 +3384,12 @@ do_close_tls(struct context *c)
3384 3384 
     }
3385 3385 
     c->c2.options_string_local = c->c2.options_string_remote = NULL;
3386 3386 
 #endif
3387 
+
3388 
+    if (c->c2.pulled_options_state)
3389 
+    {
3390 
+        md_ctx_cleanup(c->c2.pulled_options_state);
3391 
+        md_ctx_free(c->c2.pulled_options_state);
3392 
+    }
3387 3393 
 }
3388 3394
3389 3395 
 /*