diff options
author | Daniel Stenberg <daniel@haxx.se> | 2021-02-17 14:19:57 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-02-17 22:55:45 +0100 |
commit | bc928be02cd52797455d1612ed0755eb60ce4a31 (patch) | |
tree | 6210bb9e471bcb4de553d6af55cc32938ec1d56f /lib | |
parent | f248a1306596d54af89b90dc928c13182d1b9960 (diff) | |
download | curl-bc928be02cd52797455d1612ed0755eb60ce4a31.tar.gz |
wolfssl: don't store a NULL sessionid
This caused a memory leak as the session id cache entry was still
erroneously stored with a NULL sessionid and that would later be treated
as not needed to get freed.
Reported-by: Gisle Vanem
Fixes #6616
Closes #6617
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/wolfssl.c | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index dc79d8b14..09f5c0455 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -770,32 +770,32 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn, if(SSL_SET_OPTION(primary.sessionid)) { bool incache; - SSL_SESSION *our_ssl_sessionid; void *old_ssl_sessionid = NULL; - - our_ssl_sessionid = SSL_get_session(backend->handle); - - Curl_ssl_sessionid_lock(data); - incache = !(Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL, - sockindex)); - if(incache) { - if(old_ssl_sessionid != our_ssl_sessionid) { - infof(data, "old SSL session ID is stale, removing\n"); - Curl_ssl_delsessionid(data, old_ssl_sessionid); - incache = FALSE; + SSL_SESSION *our_ssl_sessionid = SSL_get_session(backend->handle); + + if(our_ssl_sessionid) { + Curl_ssl_sessionid_lock(data); + incache = !(Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL, + sockindex)); + if(incache) { + if(old_ssl_sessionid != our_ssl_sessionid) { + infof(data, "old SSL session ID is stale, removing\n"); + Curl_ssl_delsessionid(data, old_ssl_sessionid); + incache = FALSE; + } } - } - if(!incache) { - result = Curl_ssl_addsessionid(data, conn, our_ssl_sessionid, - 0 /* unknown size */, sockindex); - if(result) { - Curl_ssl_sessionid_unlock(data); - failf(data, "failed to store ssl session"); - return result; + if(!incache) { + result = Curl_ssl_addsessionid(data, conn, our_ssl_sessionid, + 0 /* unknown size */, sockindex); + if(result) { + Curl_ssl_sessionid_unlock(data); + failf(data, "failed to store ssl session"); + return result; + } } + Curl_ssl_sessionid_unlock(data); } - Curl_ssl_sessionid_unlock(data); } connssl->connecting_state = ssl_connect_done; |