[Libguestfs] [PATCH nbdkit 4/4] crypto: Free TLS session.

Sunday, 2 December 2018

This structure was not freed along the non-error path, both resulting
in a memory leak and providing an easy way for clients to blow up
nbdkit servers if they enable TLS support.  Ooops.

Found by valgrind.
---
 src/crypto.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/crypto.c b/src/crypto.c
index 948e79e..c2f9971 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -391,6 +391,10 @@ crypto_close (struct connection *conn)
     close (sockin);
   if (sockout >= 0 && sockin != sockout)
     close (sockout);
+
+  gnutls_deinit (*session);
+  free (session);
+  connection_set_crypto_session (conn, NULL);
 }
 
 /* Upgrade an existing connection to TLS.  Also this should do access
@@ -505,6 +509,7 @@ crypto_negotiate_tls (struct connection *conn, int sockin, int
sockout)
  error:
   gnutls_deinit (*session);
   free (session);
+  connection_set_crypto_session (conn, NULL);
   return -1;
 }
 
-- 
2.19.0.rc0


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[Libguestfs] [PATCH nbdkit 4/4] crypto: Free TLS session.