dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2024-11-07 22:18:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

context: Link SSL_CTX to p_context (not lua_State)

Browse Source 
This is needed because the p_context is going to cache DH (and eventually
EC_KEY) objects, to plug a leak in the dhparam callback.
This commit is contained in:
Paul Aurich 2013-09-09 20:29:54 -07:00
parent 8cf7eb2d78
commit 0dab860770
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/context.c
View File

@ -159,7 +159,9 @@ static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
lua_State *L;
DH *dh_tmp = NULL;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
L = (lua_State*)SSL_CTX_get_app_data(ctx);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
L = pctx->L;
/* Get the callback */
luaL_getmetatable(L, "SSL:DH:Registry");
@ -194,8 +196,9 @@ static int cert_verify_cb(X509_STORE_CTX *x509_ctx, void *ptr)
int verify;
lua_State *L;
SSL_CTX *ctx = (SSL_CTX*)ptr;
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
L = (lua_State*)SSL_CTX_get_app_data(ctx);
L = pctx->L;
/* Get verify flags */
luaL_getmetatable(L, "SSL:Verify:Registry");
@ -226,6 +229,7 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
int verify;
SSL *ssl;
SSL_CTX *ctx;
p_context pctx;
lua_State *L;
/* Short-circuit optimization */
@ -235,7 +239,8 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
ctx = SSL_get_SSL_CTX(ssl);
L = (lua_State*)SSL_CTX_get_app_data(ctx);
pctx = (p_context)SSL_CTX_get_app_data(ctx);
L = pctx->L;
/* Get verify flags */
luaL_getmetatable(L, "SSL:Verify:Registry");
@ -296,13 +301,14 @@ static int create(lua_State *L)
return 2;
}
ctx->mode = LSEC_MODE_INVALID;
ctx->L = L;
luaL_getmetatable(L, "SSL:Context");
lua_setmetatable(L, -2);
/* No session support */
SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
/* Link lua_State with the context */
SSL_CTX_set_app_data(ctx->context, (void*)L);
/* Link LuaSec context with the OpenSSL context */
SSL_CTX_set_app_data(ctx->context, ctx);
return 1;
}

1
src/context.h
View File

@ -21,6 +21,7 @@
typedef struct t_context_ {
SSL_CTX *context;
lua_State *L;
int mode;
} t_context;
typedef t_context* p_context;