mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning.

Browse Source
This commit is contained in:
David Garske 2020-11-12 12:51:41 -08:00
parent 38867ae2bf
commit b931b1bd4d
3 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/dox_comments/header_files/ssl.h
View File

@ -2340,7 +2340,7 @@ WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
\brief This function associates the client session with the server id. \brief This function associates the client session with the server id.
If the newSession flag is on, an existing session wont be reused. If the newSession flag is on, an existing session wont be reused.
\return SSL_SUCCESS returned if the finction executed without error. \return SSL_SUCCESS returned if the function executed without error.
\return BAD_FUNC_ARG returned if the WOLFSSL struct or id parameter \return BAD_FUNC_ARG returned if the WOLFSSL struct or id parameter
is NULL or if len is not greater than zero. is NULL or if len is not greater than zero.
@ -2361,7 +2361,7 @@ WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
int ret = wolfSSL_SetServerID(ssl, id, len, newSession); int ret = wolfSSL_SetServerID(ssl, id, len, newSession);
if(ret){ if (ret == WOLFSSL_SUCCESS) {
// The Id was successfully set // The Id was successfully set
} }
\endcode \endcode

23
src/ssl.c
View File

@ -10530,7 +10530,7 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
if (session) { if (session) {
if (SetSession(ssl, session) != WOLFSSL_SUCCESS) { if (SetSession(ssl, session) != WOLFSSL_SUCCESS) {
#ifdef HAVE_EXT_CACHE #ifdef HAVE_EXT_CACHE
wolfSSL_SESSION_free(session); FreeSession(session, 0);
#endif #endif
WOLFSSL_MSG("SetSession failed"); WOLFSSL_MSG("SetSession failed");
session = NULL; session = NULL;
@ -10546,7 +10546,7 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
} }
#ifdef HAVE_EXT_CACHE #ifdef HAVE_EXT_CACHE
else else
wolfSSL_SESSION_free(session); FreeSession(session, 0);
#endif #endif
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
@ -13344,7 +13344,7 @@ int AddSession(WOLFSSL* ssl)
if (error == 0 && ssl->ctx->new_sess_cb != NULL) if (error == 0 && ssl->ctx->new_sess_cb != NULL)
ssl->ctx->new_sess_cb(ssl, session); ssl->ctx->new_sess_cb(ssl, session);
if (ssl->options.internalCacheOff) if (ssl->options.internalCacheOff)
wolfSSL_SESSION_free(session); FreeSession(session, 0);
#endif #endif
return error; return error;
@ -19854,7 +19854,7 @@ WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session)
#endif /* HAVE_EXT_CACHE */ #endif /* HAVE_EXT_CACHE */
} }
void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) void FreeSession(WOLFSSL_SESSION* session, int isAlloced)
{ {
if (session == NULL) if (session == NULL)
return; return;
@ -19878,7 +19878,7 @@ void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
wc_UnLockMutex(&session->refMutex); wc_UnLockMutex(&session->refMutex);
#endif #endif
#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA) #if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA)
if (session->isAlloced) { if (isAlloced) {
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (session->isDynamic) if (session->isDynamic)
XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK); XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
@ -19888,9 +19888,22 @@ void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
#else #else
/* No need to free since cache is static */ /* No need to free since cache is static */
(void)session; (void)session;
(void)isAlloced;
#endif #endif
} }
void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
{
if (session == NULL)
return;
#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA)
FreeSession(session, session->isAlloced);
#else
FreeSession(session, 0);
#endif #endif
}
#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */
/* helper function that takes in a protocol version struct and returns string */ /* helper function that takes in a protocol version struct and returns string */

8
wolfssl/internal.h
View File

@ -3221,14 +3221,14 @@ struct WOLFSSL_SESSION {
}; };
WOLFSSL_LOCAL WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
WOLFSSL_LOCAL WOLFSSL_LOCAL void FreeSession(WOLFSSL_SESSION*, int);
int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int); typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int);
#ifndef NO_CLIENT_CACHE #ifndef NO_CLIENT_CACHE
WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
#endif #endif