authorDaniel Gustafsson <daniel@yesql.se>2019-02-16 22:30:31 +0100
committerDaniel Gustafsson <daniel@yesql.se>2019-02-16 22:30:31 +0100
commit0299b262cd9c75adab546f4851c03995d98d61e1 (patch)
tree2e928de5eddeb5ae4f2757ce868709d8e0458c7b
parent188036ca58e63443f4430e035f5c535dce772e40 (diff)
downloadcurl-0299b262cd9c75adab546f4851c03995d98d61e1.tar.gz
mbedtls: release sessionid resources on error
If mbedtls_ssl_get_session() fails, it may still have allocated memory that needs to be freed to avoid leaking. Call the library API function to release session resources on this error path as well as on Curl_ssl_addsessionid() errors. Closes: #3574 Reported-by: Michał Antoniak <M.Antoniak@posnet.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-rw-r--r--lib/vtls/mbedtls.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index c36c93e3f..27a9402cb 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -716,6 +716,8 @@ mbed_connect_step3(struct connectdata *conn,
ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
if(ret) {
+ if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED)
+ mbedtls_ssl_session_free(our_ssl_sessionid);
free(our_ssl_sessionid);
failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);
return CURLE_SSL_CONNECT_ERROR;
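Review bot: The `if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED)` guard in front of `mbedtls_ssl_session_free(our_ssl_sessionid)` carries no comment explaining why that one error code skips the library cleanup. From the hunk alone a reader cannot tell whether it guards against a session left in an unsafe state or is just an optimisation. On the skipped path the struct goes straight to `free()`, so if the library had already copied session data into it before the allocation failed, that data would presumably be released without being cleared. This should be confirmed against the mbedTLS versions curl supports. I would add a comment above the guard in the form `/* ALLOC_FAILED: <why the library release must not run on this path> */`, or drop the guard if `mbedtls_ssl_session_free()` is safe on a session in that state. The body of mbed_connect_step3 starts and ends outside the hunk.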
@@ -729,6 +731,7 @@ mbed_connect_step3(struct connectdata *conn,
retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
Curl_ssl_sessionid_unlock(conn);
if(retcode) {
+ mbedtls_ssl_session_free(our_ssl_sessionid);
free(our_ssl_sessionid);
failf(data, "failed to store ssl session");
return retcode;
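Review bot: Releasing `our_ssl_sessionid` in the `if(retcode)` branch is only correct if `Curl_ssl_addsessionid()` never keeps the pointer when it returns an error, and nothing visible in this hunk establishes that. A one-line comment above the added call would record the ownership rule, for example `/* addsessionid did not take ownership on failure; release our copy */`, once that has been checked against the callee. The `mbedtls_ssl_session_free()` plus `free()` pair now appears on both error paths of this function. A small static helper would keep the two steps together, so a future error path cannot do one without the other. The function body continues outside the hunk.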