diff options
author | Rafael Antonio <rafa@distrobit.net> | 2016-02-01 23:13:10 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-02-09 23:42:57 +0100 |
commit | c62d7944cf75f402d45523e3e415e44e83f5d733 (patch) | |
tree | bbd5e01e9e3257117451472cba7e4a221a0c4dc9 /lib/vtls | |
parent | 716302c2cd59f96ecd96f949db92576d204cabae (diff) |
mbedtls: fix memory leak when destroying SSL connection data
Closes #626
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/mbedtls.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index cf8996786..36684227c 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -211,7 +211,7 @@ mbedtls_connect_step1(struct connectdata *conn, #endif /* THREADING_SUPPORT */ /* Load the trusted CA */ - memset(&connssl->cacert, 0, sizeof(mbedtls_x509_crt)); + mbedtls_x509_crt_init(&connssl->cacert); if(data->set.str[STRING_SSL_CAFILE]) { ret = mbedtls_x509_crt_parse_file(&connssl->cacert, @@ -246,7 +246,7 @@ mbedtls_connect_step1(struct connectdata *conn, } /* Load the client certificate */ - memset(&connssl->clicert, 0, sizeof(mbedtls_x509_crt)); + mbedtls_x509_crt_init(&connssl->clicert); if(data->set.str[STRING_CERT]) { ret = mbedtls_x509_crt_parse_file(&connssl->clicert, @@ -264,8 +264,9 @@ mbedtls_connect_step1(struct connectdata *conn, } /* Load the client private key */ + mbedtls_pk_init(&connssl->pk); + if(data->set.str[STRING_KEY]) { - mbedtls_pk_init(&connssl->pk); ret = mbedtls_pk_parse_keyfile(&connssl->pk, data->set.str[STRING_KEY], data->set.str[STRING_KEY_PASSWD]); if(ret == 0 && !mbedtls_pk_can_do(&connssl->pk, MBEDTLS_PK_RSA)) @@ -283,7 +284,7 @@ mbedtls_connect_step1(struct connectdata *conn, } /* Load the CRL */ - memset(&connssl->crl, 0, sizeof(mbedtls_x509_crl)); + mbedtls_x509_crl_init(&connssl->crl); if(data->set.str[STRING_SSL_CRLFILE]) { ret = mbedtls_x509_crl_parse_file(&connssl->crl, @@ -647,11 +648,16 @@ void Curl_mbedtls_close_all(struct SessionHandle *data) void Curl_mbedtls_close(struct connectdata *conn, int sockindex) { - /* mbedtls_rsa_free(&conn->ssl[sockindex].rsa); */ + mbedtls_pk_free(&conn->ssl[sockindex].pk); mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert); mbedtls_x509_crt_free(&conn->ssl[sockindex].cacert); mbedtls_x509_crl_free(&conn->ssl[sockindex].crl); + mbedtls_ssl_config_free(&conn->ssl[sockindex].config); mbedtls_ssl_free(&conn->ssl[sockindex].ssl); + mbedtls_ctr_drbg_free(&conn->ssl[sockindex].ctr_drbg); +#ifndef THREADING_SUPPORT + mbedtls_entropy_free(&conn->ssl[sockindex].entropy); +#endif /* THREADING_SUPPORT */ } static ssize_t mbedtls_recv(struct connectdata *conn, |