Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning.

2020-11-12 12:51:41 -08:00 · 2020-11-12 12:51:41 -08:00 · b931b1bd4d
commit b931b1bd4d
parent 38867ae2bf
3 changed files with 24 additions and 11 deletions
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@ -2340,7 +2340,7 @@ WOLFSSL_API void       wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
    \brief This function associates the client session with the server id.
    If the newSession flag is on, an existing session won’t be reused.

-    \return SSL_SUCCESS returned if the finction executed without error.
+    \return SSL_SUCCESS returned if the function executed without error.
    \return BAD_FUNC_ARG returned if the WOLFSSL struct or id parameter
    is NULL or if len is not greater than zero.

@ -2361,7 +2361,7 @@ WOLFSSL_API void       wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
    …
    int ret = wolfSSL_SetServerID(ssl, id, len, newSession);

-    if(ret){
+    if (ret == WOLFSSL_SUCCESS) {
 	    // The Id was successfully set
    }
    \endcode
--- a/src/ssl.c
+++ b/src/ssl.c
@ -10530,7 +10530,7 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
        if (session) {
            if (SetSession(ssl, session) != WOLFSSL_SUCCESS) {
    #ifdef HAVE_EXT_CACHE
-                wolfSSL_SESSION_free(session);
+                FreeSession(session, 0);
    #endif
                WOLFSSL_MSG("SetSession failed");
                session = NULL;
@ -10546,7 +10546,7 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
    }
    #ifdef HAVE_EXT_CACHE
    else
-        wolfSSL_SESSION_free(session);
+        FreeSession(session, 0);
    #endif

    return WOLFSSL_SUCCESS;
@ -13344,7 +13344,7 @@ int AddSession(WOLFSSL* ssl)
    if (error == 0 && ssl->ctx->new_sess_cb != NULL)
        ssl->ctx->new_sess_cb(ssl, session);
    if (ssl->options.internalCacheOff)
-        wolfSSL_SESSION_free(session);
+        FreeSession(session, 0);
 #endif

    return error;
@ -19854,7 +19854,7 @@ WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session)
 #endif /* HAVE_EXT_CACHE */
 }

-void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
+void FreeSession(WOLFSSL_SESSION* session, int isAlloced)
 {
    if (session == NULL)
        return;
@ -19878,7 +19878,7 @@ void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
    wc_UnLockMutex(&session->refMutex);
 #endif
 #if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA)
-    if (session->isAlloced) {
+    if (isAlloced) {
    #ifdef HAVE_SESSION_TICKET
        if (session->isDynamic)
            XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
@ -19888,9 +19888,22 @@ void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
 #else
    /* No need to free since cache is static */
    (void)session;
+    (void)isAlloced;
 #endif
 }
+
+void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
+{
+    if (session == NULL)
+        return;
+    
+#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA)
+    FreeSession(session, session->isAlloced);
+#else
+    FreeSession(session, 0);
 #endif
+}
+#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */


 /* helper function that takes in a protocol version struct and returns string */
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -3221,14 +3221,14 @@ struct WOLFSSL_SESSION {
 };


-WOLFSSL_LOCAL
-WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
-WOLFSSL_LOCAL
-int          SetSession(WOLFSSL*, WOLFSSL_SESSION*);
+WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
+WOLFSSL_LOCAL int              SetSession(WOLFSSL*, WOLFSSL_SESSION*);
+WOLFSSL_LOCAL void             FreeSession(WOLFSSL_SESSION*, int);

 typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);

 #ifndef NO_CLIENT_CACHE
+    WOLFSSL_LOCAL
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
 #endif