From b11cb21603484bb21a3f0ac08b36ce4d7308621e Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Sat, 26 Sep 2020 14:43:18 +0000 Subject: Call dtls1_hm_fragment_free() from dtls1_drain_fragments() Currently dtls1_drain_fragments() has a incomplete handrolled version of dtls1_hm_fragment_free(), which has the potential to leak memory. Replace the handrolled free with a call to dtls1_hm_fragment_free(). ok inoguchi@ tb@ --- lib/libssl/d1_lib.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'lib/libssl/d1_lib.c') diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index b2f05452c8b..b7d23ef4ca4 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.49 2020/09/26 09:01:05 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.50 2020/09/26 14:43:17 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -70,6 +70,8 @@ #include "pqueue.h" #include "ssl_locl.h" +void dtls1_hm_fragment_free(hm_fragment *frag); + static int dtls1_listen(SSL *s, struct sockaddr *client); SSL3_ENC_METHOD DTLSv1_enc_data = { @@ -130,15 +132,12 @@ static void dtls1_drain_fragments(pqueue queue) { pitem *item; - hm_fragment *frag; if (queue == NULL) return; while ((item = pqueue_pop(queue)) != NULL) { - frag = (hm_fragment *)item->data; - free(frag->fragment); - free(frag); + dtls1_hm_fragment_free(item->data); pitem_free(item); } } -- cgit v1.2.3