Fix memory leak in calling SSL_clear.

State hanging off the SSL gets freed in two places. Change-Id: I41a8d2a7cab35f0098396006e1f6380038ec471a Reviewed-on: https://boringssl-review.googlesource.com/2212 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-11-05 08:51:38 +0300
committer: Adam Langley <agl@google.com> 2014-11-06 05:03:05 +0300
commit: 1a8b549098d963911ee2a406a646127e8094b83b (patch)
tree: 71b9d08131ba65c1fe22fb872394accdecbc33f8 /ssl/s3_lib.c
parent: 9da9035b50e8eb149a9cb25cc6bf6a1690d61e07 (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 30606847..e4ded324 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1047,12 +1047,23 @@ void ssl3_clear(SSL *s)
 	size_t rlen, wlen;
 	int init_extra;
 
+	/* TODO(davidben): Can this just call ssl3_free +
+	 * ssl3_new. rbuf, wbuf, and init_extra are preserved, but
+	 * this may not serve anything more than saving a malloc. */
+
 	ssl3_cleanup_key_block(s);
 	if (s->s3->tmp.ca_names != NULL)
 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+	s->s3->tmp.ca_names = NULL;
 	if (s->s3->tmp.certificate_types != NULL)
 		OPENSSL_free(s->s3->tmp.certificate_types);
-	s->s3->tmp.num_certificate_types = 0;
+	s->s3->tmp.certificate_types = NULL;
+	if (s->s3->tmp.peer_ecpointformatlist)
+		OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
+	s->s3->tmp.peer_ecpointformatlist = NULL;
+	if (s->s3->tmp.peer_ellipticcurvelist)
+		OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
+	s->s3->tmp.peer_ellipticcurvelist = NULL;
 
 	if (s->s3->tmp.dh != NULL)
 		{
author	David Benjamin <davidben@chromium.org>	2014-11-05 08:51:38 +0300
committer	Adam Langley <agl@google.com>	2014-11-06 05:03:05 +0300
commit	1a8b549098d963911ee2a406a646127e8094b83b (patch)
tree	71b9d08131ba65c1fe22fb872394accdecbc33f8 /ssl/s3_lib.c
parent	9da9035b50e8eb149a9cb25cc6bf6a1690d61e07 (diff)