fix dtls cookie leak

2015-09-14 17:13:16 -07:00 · 2015-09-14 17:13:16 -07:00 · 9bdcd59338
commit 9bdcd59338
parent 9ceb89b114
3 changed files with 16 additions and 5 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -1999,7 +1999,11 @@ void SSL_ResourceFree(WOLFSSL* ssl)
    }
    XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    ssl->buffers.dtlsCtx.peer.sa = NULL;
+#ifndef NO_WOLFSSL_SERVER
+    XFREE(ssl->buffers.dtlsCookieSecret.buffer, ssl->heap,
+          DYNAMIC_TYPE_COOKIE_PWD);
 #endif
+#endif /* WOLFSSL_DTLS */
 #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
    FreeX509(&ssl->peerCert);
 #endif
@ -14279,7 +14283,7 @@ int DoSessionTicket(WOLFSSL* ssl,
 #ifdef WOLFSSL_DTLS
        Hmac            cookieHmac;
        byte            peerCookie[MAX_COOKIE_LEN];
-        byte            peerCookieSz;
+        byte            peerCookieSz = 0;
        byte            cookieType;
        byte            cookieSz;
 #endif /* WOLFSSL_DTLS */
--- a/src/ssl.c
+++ b/src/ssl.c
@ -34,6 +34,12 @@
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/coding.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+

 #ifndef WOLFSSL_ALLOW_NO_SUITES
    #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
@ -5492,13 +5498,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
        byte* newSecret;

        if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
-            XMEMSET(ssl->buffers.dtlsCookieSecret.buffer, 0,
-                    ssl->buffers.dtlsCookieSecret.length);
+            ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
+                      ssl->buffers.dtlsCookieSecret.length);
            XFREE(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->heap, DYNAMIC_TYPE_NONE);
        }

-        newSecret = (byte*)XMALLOC(secretSz, ssl->heap, DYNAMIC_TYPE_NONE);
+        newSecret = (byte*)XMALLOC(secretSz, ssl->heap,DYNAMIC_TYPE_COOKIE_PWD);
        if (newSecret == NULL) {
            ssl->buffers.dtlsCookieSecret.buffer = NULL;
            ssl->buffers.dtlsCookieSecret.length = 0;
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@ -281,7 +281,8 @@
 	    DYNAMIC_TYPE_OCSP         = 44,
 	    DYNAMIC_TYPE_SIGNATURE    = 45,
 	    DYNAMIC_TYPE_HASHES       = 46,
-		DYNAMIC_TYPE_SRP          = 47,
+        DYNAMIC_TYPE_SRP          = 47,
+        DYNAMIC_TYPE_COOKIE_PWD   = 48
 	};

 	/* max error buffer string size */