From 1d920fc13c9a97ac885bfc7e236164cb6ad6c37a Mon Sep 17 00:00:00 2001
From: Paul Aurich
Date: Mon, 9 Sep 2013 21:02:41 -0700
Subject: [PATCH] context: Don't leak DH* in dhparam_cb

==1429== 336 (144 direct, 192 indirect) bytes in 1 blocks are definitely lost in loss record 567 of 611
...
==1429== by 0x5ECCBC7: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1429== by 0x4E39D8F: dhparam_cb (context.c:184)
==1429== by 0x5B679D3: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429== by 0x5B6A6EE: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==1429== by 0x4E3C00D: meth_handshake (ssl.c:103)
...
---
 src/context.c | 16 ++++++++++++++++
 src/context.h | 1 +
 2 files changed, 17 insertions(+)
diff --git a/src/context.c b/src/context.c
index f02608a..1afebaa 100644
--- a/src/context.c
+++ b/src/context.c
@@ -184,6 +184,16 @@ static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
 dh_tmp = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
 BIO_free(bio);
 }
+
+ /*
+ * OpenSSL exepcts the callback to maintain a reference to the DH*. So,
+ * cache it here, and clean up the previous set of parameters. Any remaining
+ * set is cleaned up when destroying the LuaSec context.
+ */
+ if (pctx->dh_param)
+ DH_free(pctx->dh_param);
+ pctx->dh_param = dh_tmp;
+
 lua_pop(L, 2); /* Remove values from stack */
 return dh_tmp;
 }
@@ -293,6 +303,7 @@ static int create(lua_State *L)
 lua_pushstring(L, "error creating context");
 return 2;
 }
+ memset(ctx, 0, sizeof(t_context));
 ctx->context = SSL_CTX_new(method);
 if (!ctx->context) {
 lua_pushnil(L);
@@ -582,6 +593,11 @@ static int meth_destroy(lua_State *L)
 SSL_CTX_free(ctx->context);
 ctx->context = NULL;
 }
+ if (ctx->dh_param) {
+ DH_free(ctx->dh_param);
+ ctx->dh_param = NULL;
+ }
+
 return 0;
 }
diff --git a/src/context.h b/src/context.h
index 5f358e3..2ad322f 100644
--- a/src/context.h
+++ b/src/context.h
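Review bot: In dhparam_cb, the added `DH_free(pctx->dh_param)` releases the parameters handed out by the previous callback call, which is only safe if libssl no longer uses that earlier pointer by the time the callback runs again; the new comment says OpenSSL expects the callback to keep a reference but not for how long. That lifetime assumption should be confirmed for the OpenSSL versions LuaSec targets and recorded, for example by adding `* The previous DH* can be freed here because libssl is done with it before the callback is invoked again (verify per OpenSSL version).` to the comment. The comment also misspells "expects" as `exepcts`. The function begins above the hunk, so how `pctx` is obtained and whether it can outlive the Lua context object is not visible here.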
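Review bot: The `memset` added in create() appears to be what stops meth_destroy from passing an uninitialised `dh_param` to DH_free, yet the line carries no comment saying so. The diffstat's 16 insertions in context.c are all accounted for by the three hunks, so no `#include` is added and the call relies on `<string.h>` already being included, which is worth confirming. I would write it as `memset(ctx, 0, sizeof *ctx); /* dh_param must start out NULL: meth_destroy frees it */` so the size follows the pointer's type. create() starts and ends outside the hunk, so the allocation of `ctx` is not visible here.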
@@ -22,6 +22,7 @@
 typedef struct t_context_ {
 SSL_CTX *context;
 lua_State *L;
+ DH *dh_param;
 int mode;
 } t_context;
 typedef t_context* p_context;