summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2018-10-04 17:04:51 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2018-10-04 17:04:51 +0000
commit532427ffbdde9f958ac61de670f270bb9edb8544 (patch)
tree434b17b547facd3f40695900c73440b28f22bf38
parentb60f72a50f057dc16e150281f21280784ad349a0 (diff)
Plug TLS context leak in nc(1) server and client mode. Move
tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
-rw-r--r--usr.bin/nc/netcat.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
index 341e7e50485..3798dc760f1 100644
--- a/usr.bin/nc/netcat.c
+++ b/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.194 2018/09/07 09:55:29 bluhm Exp $ */
+/* $OpenBSD: netcat.c,v 1.195 2018/10/04 17:04:50 bluhm Exp $ */
/*
* Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
* Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -543,8 +543,6 @@ main(int argc, char *argv[])
err(1, "pledge");
}
if (lflag) {
- struct tls *tls_cctx = NULL;
- int connfd;
ret = 0;
if (family == AF_UNIX) {
@@ -603,6 +601,9 @@ main(int argc, char *argv[])
readwrite(s, NULL);
} else {
+ struct tls *tls_cctx = NULL;
+ int connfd;
+
len = sizeof(cliaddr);
connfd = accept4(s, (struct sockaddr *)&cliaddr,
&len, SOCK_NONBLOCK);
@@ -618,12 +619,10 @@ main(int argc, char *argv[])
readwrite(connfd, tls_cctx);
if (!usetls)
readwrite(connfd, NULL);
- if (tls_cctx) {
+ if (tls_cctx)
timeout_tls(s, tls_cctx, tls_close);
- tls_free(tls_cctx);
- tls_cctx = NULL;
- }
close(connfd);
+ tls_free(tls_cctx);
}
if (family == AF_UNIX && uflag) {
if (connect(s, NULL, 0) < 0)
@@ -657,6 +656,8 @@ main(int argc, char *argv[])
for (s = -1, i = 0; portlist[i] != NULL; i++) {
if (s != -1)
close(s);
+ tls_free(tls_ctx);
+ tls_ctx = NULL;
if (usetls) {
if ((tls_ctx = tls_client()) == NULL)
@@ -707,18 +708,15 @@ main(int argc, char *argv[])
tls_setup_client(tls_ctx, s, host);
if (!zflag)
readwrite(s, tls_ctx);
- if (tls_ctx) {
+ if (tls_ctx)
timeout_tls(s, tls_ctx, tls_close);
- tls_free(tls_ctx);
- tls_ctx = NULL;
- }
}
}
}
if (s != -1)
close(s);
-
+ tls_free(tls_ctx);
tls_config_free(tls_cfg);
return ret;