diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2021-02-17 14:19:57 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2021-02-17 14:19:57 +0100 |
| commit | 82a351a6482e75f4f26652fbede6fd3fd2f176d8 (patch) | |
| tree | c2af7f064adfec84134fc859f860fd6f14876f31 | |
| parent | 94719e7285bb3d63d67129e2529def8f1bf1c5a8 (diff) | |
| download | curl-bagder/wolfssl-null-sessionid.tar.gz | |
wolfssl: don't store a NULL sessionidbagder/wolfssl-null-sessionid
This caused a memory leak as the session id cache entry was still
erroneously stored with a NULL sessionid and that would later be treated
as not needed to get freed.
Reported-by: Gisle Vanem
Fixes #6616
| -rw-r--r-- | lib/vtls/wolfssl.c | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index dc79d8b14..09f5c0455 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -770,32 +770,32 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn, if(SSL_SET_OPTION(primary.sessionid)) { bool incache; - SSL_SESSION *our_ssl_sessionid; void *old_ssl_sessionid = NULL; - - our_ssl_sessionid = SSL_get_session(backend->handle); - - Curl_ssl_sessionid_lock(data); - incache = !(Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL, - sockindex)); - if(incache) { - if(old_ssl_sessionid != our_ssl_sessionid) { - infof(data, "old SSL session ID is stale, removing\n"); - Curl_ssl_delsessionid(data, old_ssl_sessionid); - incache = FALSE; + SSL_SESSION *our_ssl_sessionid = SSL_get_session(backend->handle); + + if(our_ssl_sessionid) { + Curl_ssl_sessionid_lock(data); + incache = !(Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL, + sockindex)); + if(incache) { + if(old_ssl_sessionid != our_ssl_sessionid) { + infof(data, "old SSL session ID is stale, removing\n"); + Curl_ssl_delsessionid(data, old_ssl_sessionid); + incache = FALSE; + } } - } - if(!incache) { - result = Curl_ssl_addsessionid(data, conn, our_ssl_sessionid, - 0 /* unknown size */, sockindex); - if(result) { - Curl_ssl_sessionid_unlock(data); - failf(data, "failed to store ssl session"); - return result; + if(!incache) { + result = Curl_ssl_addsessionid(data, conn, our_ssl_sessionid, + 0 /* unknown size */, sockindex); + if(result) { + Curl_ssl_sessionid_unlock(data); + failf(data, "failed to store ssl session"); + return result; + } } + Curl_ssl_sessionid_unlock(data); } - Curl_ssl_sessionid_unlock(data); } connssl->connecting_state = ssl_connect_done; |