mirror of
https://github.com/brunoos/luasec.git
synced 2024-10-05 01:56:39 +02:00
context: Link SSL_CTX to p_context (not lua_State)
This is needed because the p_context is going to cache DH (and eventually EC_KEY) objects, to plug a leak in the dhparam callback.
This commit is contained in:
Paul Aurich
parent
8cf7eb2d78
commit
0dab860770
@ -159,7 +159,9 @@ static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
|
|||||||
lua_State *L;
|
lua_State *L;
|
||||||
DH *dh_tmp = NULL;
|
DH *dh_tmp = NULL;
|
||||||
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
|
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
|
||||||
L = (lua_State*)SSL_CTX_get_app_data(ctx);
|
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
|
||||||
|
|
||||||
|
L = pctx->L;
|
||||||
|
|
||||||
/* Get the callback */
|
/* Get the callback */
|
||||||
luaL_getmetatable(L, "SSL:DH:Registry");
|
luaL_getmetatable(L, "SSL:DH:Registry");
|
||||||
@ -194,8 +196,9 @@ static int cert_verify_cb(X509_STORE_CTX *x509_ctx, void *ptr)
|
|||||||
int verify;
|
int verify;
|
||||||
lua_State *L;
|
lua_State *L;
|
||||||
SSL_CTX *ctx = (SSL_CTX*)ptr;
|
SSL_CTX *ctx = (SSL_CTX*)ptr;
|
||||||
|
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
|
||||||
|
|
||||||
L = (lua_State*)SSL_CTX_get_app_data(ctx);
|
L = pctx->L;
|
||||||
|
|
||||||
/* Get verify flags */
|
/* Get verify flags */
|
||||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||||
@ -226,6 +229,7 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|||||||
int verify;
|
int verify;
|
||||||
SSL *ssl;
|
SSL *ssl;
|
||||||
SSL_CTX *ctx;
|
SSL_CTX *ctx;
|
||||||
|
p_context pctx;
|
||||||
lua_State *L;
|
lua_State *L;
|
||||||
|
|
||||||
/* Short-circuit optimization */
|
/* Short-circuit optimization */
|
||||||
@ -235,7 +239,8 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|||||||
ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
|
ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
|
||||||
SSL_get_ex_data_X509_STORE_CTX_idx());
|
SSL_get_ex_data_X509_STORE_CTX_idx());
|
||||||
ctx = SSL_get_SSL_CTX(ssl);
|
ctx = SSL_get_SSL_CTX(ssl);
|
||||||
L = (lua_State*)SSL_CTX_get_app_data(ctx);
|
pctx = (p_context)SSL_CTX_get_app_data(ctx);
|
||||||
|
L = pctx->L;
|
||||||
|
|
||||||
/* Get verify flags */
|
/* Get verify flags */
|
||||||
luaL_getmetatable(L, "SSL:Verify:Registry");
|
luaL_getmetatable(L, "SSL:Verify:Registry");
|
||||||
@ -296,13 +301,14 @@ static int create(lua_State *L)
|
|||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
ctx->mode = LSEC_MODE_INVALID;
|
ctx->mode = LSEC_MODE_INVALID;
|
||||||
|
ctx->L = L;
|
||||||
luaL_getmetatable(L, "SSL:Context");
|
luaL_getmetatable(L, "SSL:Context");
|
||||||
lua_setmetatable(L, -2);
|
lua_setmetatable(L, -2);
|
||||||
|
|
||||||
/* No session support */
|
/* No session support */
|
||||||
SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
|
SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
|
||||||
/* Link lua_State with the context */
|
/* Link LuaSec context with the OpenSSL context */
|
||||||
SSL_CTX_set_app_data(ctx->context, (void*)L);
|
SSL_CTX_set_app_data(ctx->context, ctx);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -21,6 +21,7 @@
|
|||||||
|
|
||||||
typedef struct t_context_ {
|
typedef struct t_context_ {
|
||||||
SSL_CTX *context;
|
SSL_CTX *context;
|
||||||
|
lua_State *L;
|
||||||
int mode;
|
int mode;
|
||||||
} t_context;
|
} t_context;
|
||||||
typedef t_context* p_context;
|
typedef t_context* p_context;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user