diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2018-10-04 17:04:51 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2018-10-04 17:04:51 +0000 |
commit | 532427ffbdde9f958ac61de670f270bb9edb8544 (patch) | |
tree | 434b17b547facd3f40695900c73440b28f22bf38 | |
parent | b60f72a50f057dc16e150281f21280784ad349a0 (diff) |
Plug TLS context leak in nc(1) server and client mode. Move
tls_free(3) directly after close(2) to catch all cases.
based on a patch from Nan Xiao; OK tb@ deraadt@
-rw-r--r-- | usr.bin/nc/netcat.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c index 341e7e50485..3798dc760f1 100644 --- a/usr.bin/nc/netcat.c +++ b/usr.bin/nc/netcat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.194 2018/09/07 09:55:29 bluhm Exp $ */ +/* $OpenBSD: netcat.c,v 1.195 2018/10/04 17:04:50 bluhm Exp $ */ /* * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> * Copyright (c) 2015 Bob Beck. All rights reserved. @@ -543,8 +543,6 @@ main(int argc, char *argv[]) err(1, "pledge"); } if (lflag) { - struct tls *tls_cctx = NULL; - int connfd; ret = 0; if (family == AF_UNIX) { @@ -603,6 +601,9 @@ main(int argc, char *argv[]) readwrite(s, NULL); } else { + struct tls *tls_cctx = NULL; + int connfd; + len = sizeof(cliaddr); connfd = accept4(s, (struct sockaddr *)&cliaddr, &len, SOCK_NONBLOCK); @@ -618,12 +619,10 @@ main(int argc, char *argv[]) readwrite(connfd, tls_cctx); if (!usetls) readwrite(connfd, NULL); - if (tls_cctx) { + if (tls_cctx) timeout_tls(s, tls_cctx, tls_close); - tls_free(tls_cctx); - tls_cctx = NULL; - } close(connfd); + tls_free(tls_cctx); } if (family == AF_UNIX && uflag) { if (connect(s, NULL, 0) < 0) @@ -657,6 +656,8 @@ main(int argc, char *argv[]) for (s = -1, i = 0; portlist[i] != NULL; i++) { if (s != -1) close(s); + tls_free(tls_ctx); + tls_ctx = NULL; if (usetls) { if ((tls_ctx = tls_client()) == NULL) @@ -707,18 +708,15 @@ main(int argc, char *argv[]) tls_setup_client(tls_ctx, s, host); if (!zflag) readwrite(s, tls_ctx); - if (tls_ctx) { + if (tls_ctx) timeout_tls(s, tls_ctx, tls_close); - tls_free(tls_ctx); - tls_ctx = NULL; - } } } } if (s != -1) close(s); - + tls_free(tls_ctx); tls_config_free(tls_cfg); return ret; |