From 02439d31682236223de0f032b33f35859ad3d83b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=EBl=20Rigo?= Date: Tue, 10 Apr 2012 21:15:36 +0200 Subject: [PATCH 1/2] fix TLS free logic, fixing double free in issue #531 --- libfreerdp-core/transport.c | 10 ++++++++-- libfreerdp-crypto/tls.c | 6 +----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/libfreerdp-core/transport.c b/libfreerdp-core/transport.c index 309214903..06dab0ee0 100644 --- a/libfreerdp-core/transport.c +++ b/libfreerdp-core/transport.c @@ -92,8 +92,11 @@ boolean transport_connect_tls(rdpTransport* transport) transport->layer = TRANSPORT_LAYER_TLS; transport->tls->sockfd = transport->tcp->sockfd; - if (tls_connect(transport->tls) != true) + if (tls_connect(transport->tls) != true) { + tls_free(transport->tls); + transport->tls = NULL; return false; + } return true; } @@ -109,8 +112,11 @@ boolean transport_connect_nla(rdpTransport* transport) transport->layer = TRANSPORT_LAYER_TLS; transport->tls->sockfd = transport->tcp->sockfd; - if (tls_connect(transport->tls) != true) + if (tls_connect(transport->tls) != true) { + tls_free(transport->tls); + transport->tls = NULL; return false; + } /* Network Level Authentication */ diff --git a/libfreerdp-crypto/tls.c b/libfreerdp-crypto/tls.c index 26b1e1edc..5b5b65853 100644 --- a/libfreerdp-crypto/tls.c +++ b/libfreerdp-crypto/tls.c @@ -53,6 +53,7 @@ static void tls_free_certificate(CryptoCert cert) xfree(cert); } + boolean tls_connect(rdpTls* tls) { CryptoCert cert; @@ -80,15 +81,12 @@ boolean tls_connect(rdpTls* tls) if (tls->ssl == NULL) { - SSL_CTX_free(tls->ctx); printf("SSL_new failed\n"); return false; } if (SSL_set_fd(tls->ssl, tls->sockfd) < 1) { - SSL_free(tls->ssl); - SSL_CTX_free(tls->ctx); printf("SSL_set_fd failed\n"); return false; } @@ -99,8 +97,6 @@ boolean tls_connect(rdpTls* tls) { if (tls_print_error("SSL_connect", tls->ssl, connection_status)) { - SSL_free(tls->ssl); - SSL_CTX_free(tls->ctx); return false; } } From 26e49f28606eb29256fe17356e0b1fe455962f9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Rigo?= Date: Tue, 10 Apr 2012 22:24:08 +0200 Subject: [PATCH 2/2] fix issue #530 "NLA password asked after certificate refusal" close connection when the certificate is not trusted --- libfreerdp-crypto/tls.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libfreerdp-crypto/tls.c b/libfreerdp-crypto/tls.c index 5b5b65853..39ad75769 100644 --- a/libfreerdp-crypto/tls.c +++ b/libfreerdp-crypto/tls.c @@ -115,8 +115,12 @@ boolean tls_connect(rdpTls* tls) return false; } - if (!tls_verify_certificate(tls, cert, tls->settings->hostname)) + if (!tls_verify_certificate(tls, cert, tls->settings->hostname)) { + printf("tls_connect: certificate not trusted, aborting.\n"); tls_disconnect(tls); + tls_free_certificate(cert); + return false; + } tls_free_certificate(cert);