>From e88cbcacdeb485692157f229713f2e8e1d0b07de Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Sun, 2 Dec 2018 13:33:54 +0000 Subject: [PATCH] crypto: Free TLS session. This structure was not freed along the non-error path, both resulting in a memory leak and providing an easy way for clients to blow up nbdkit servers if they enable TLS support. Ooops. Found by valgrind. --- src/crypto.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 948e79e..f19f3c6 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -391,6 +391,10 @@ crypto_close (struct connection *conn) close (sockin); if (sockout >= 0 && sockin != sockout) close (sockout); + + gnutls_deinit (*session); + free (session); + connection_set_crypto_session (conn, NULL); } /* Upgrade an existing connection to TLS. Also this should do access @@ -476,15 +480,8 @@ crypto_negotiate_tls (struct connection *conn, int sockin, int sockout) goto error; } - /* Set up GnuTLS so it reads and writes on the raw sockets, and set - * up the connection recv/send/close functions so they call GnuTLS - * wrappers instead. - */ + /* Set up GnuTLS so it reads and writes on the raw sockets. */ gnutls_transport_set_int2 (*session, sockin, sockout); - connection_set_crypto_session (conn, session); - connection_set_recv (conn, crypto_recv); - connection_set_send (conn, crypto_send); - connection_set_close (conn, crypto_close); /* Perform the handshake. */ debug ("starting TLS handshake"); @@ -500,6 +497,13 @@ crypto_negotiate_tls (struct connection *conn, int sockin, int sockout) } debug ("TLS handshake completed"); + /* Set up the connection recv/send/close functions so they call + * GnuTLS wrappers instead. + */ + connection_set_crypto_session (conn, session); + connection_set_recv (conn, crypto_recv); + connection_set_send (conn, crypto_send); + connection_set_close (conn, crypto_close); return 0; error: -- 2.19.0.rc0