mirrors/ngircd
1
0
Fork 0
mirror of https://github.com/osmarks/ngircd.git synced 2025-01-20 20:36:53 +00:00
Code Issues Releases Wiki Activity

GnuTLS: Eliminate memory leaks for DH parameters, priorities cache

Browse Source 
The DH parameters reference has to be stored next to the x509_cred
which holds a reference to it.
This commit is contained in:
Hilko Bengen 2020-04-19 21:20:43 +02:00
parent eead4a631f
commit 86f3c563d6
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/ngircd/conn-ssl.c
View File

@ -65,13 +65,14 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c ));
typedef struct { typedef struct {
int refcnt; int refcnt;
gnutls_certificate_credentials_t x509_cred; gnutls_certificate_credentials_t x509_cred;
gnutls_dh_params_t dh_params;
} x509_cred_slot; } x509_cred_slot;
static array x509_creds = INIT_ARRAY; static array x509_creds = INIT_ARRAY;
static size_t x509_cred_idx; static size_t x509_cred_idx;
static gnutls_dh_params_t dh_params; static gnutls_dh_params_t dh_params;
static gnutls_priority_t priorities_cache; static gnutls_priority_t priorities_cache = NULL;
static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void )); static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
#endif #endif
@ -281,10 +282,11 @@ void ConnSSL_Free(CONNECTION *c)
if ((c->ssl_state.x509_cred_idx != x509_cred_idx) && (slot->refcnt <= 0)) { if ((c->ssl_state.x509_cred_idx != x509_cred_idx) && (slot->refcnt <= 0)) {
Log(LOG_INFO, "Discarding X509 certificate credentials from slot %zd.", Log(LOG_INFO, "Discarding X509 certificate credentials from slot %zd.",
c->ssl_state.x509_cred_idx); c->ssl_state.x509_cred_idx);
/* TODO/FIXME: DH parameters will still leak memory. */
gnutls_certificate_free_keys(slot->x509_cred); gnutls_certificate_free_keys(slot->x509_cred);
gnutls_certificate_free_credentials(slot->x509_cred); gnutls_certificate_free_credentials(slot->x509_cred);
slot->x509_cred = NULL; slot->x509_cred = NULL;
gnutls_dh_params_deinit(slot->dh_params);
slot->dh_params = NULL;
slot->refcnt = 0; slot->refcnt = 0;
} }
#endif #endif
@ -381,6 +383,9 @@ out:
if (!ConnSSL_LoadServerKey_gnutls()) if (!ConnSSL_LoadServerKey_gnutls())
goto out; goto out;
if (priorities_cache != NULL) {
gnutls_priority_deinit(priorities_cache);
}
if (gnutls_priority_init(&priorities_cache, Conf_SSLOptions.CipherList, if (gnutls_priority_init(&priorities_cache, Conf_SSLOptions.CipherList,
NULL) != GNUTLS_E_SUCCESS) { NULL) != GNUTLS_E_SUCCESS) {
Log(LOG_ERR, Log(LOG_ERR,
@ -444,10 +449,11 @@ ConnSSL_LoadServerKey_gnutls(void)
slot = array_get(&x509_creds, sizeof(x509_cred_slot), x509_cred_idx); slot = array_get(&x509_creds, sizeof(x509_cred_slot), x509_cred_idx);
if ((slot != NULL) && (slot->refcnt <= 0) && (slot->x509_cred != NULL)) { if ((slot != NULL) && (slot->refcnt <= 0) && (slot->x509_cred != NULL)) {
Log(LOG_INFO, "Discarding X509 certificate credentials from slot %zd.", x509_cred_idx); Log(LOG_INFO, "Discarding X509 certificate credentials from slot %zd.", x509_cred_idx);
/* TODO/FIXME: DH parameters will still leak memory. */
gnutls_certificate_free_keys(slot->x509_cred); gnutls_certificate_free_keys(slot->x509_cred);
gnutls_certificate_free_credentials(slot->x509_cred); gnutls_certificate_free_credentials(slot->x509_cred);
slot->x509_cred = NULL; slot->x509_cred = NULL;
gnutls_dh_params_deinit(slot->dh_params);
slot->dh_params = NULL;
slot->refcnt = 0; slot->refcnt = 0;
} }