diff options
| author | Hilko Bengen <bengen@hilluzination.de> | 2020-04-19 21:20:43 +0200 |
|---|---|---|
| committer | Hilko Bengen <bengen@hilluzination.de> | 2020-04-19 21:20:43 +0200 |
| commit | 86f3c563d6a6f86fd4f8c9fc303808bbf85d29c3 (patch) | |
| tree | ba4fb71af33d447097126c9a11c1503a08716322 | |
| parent | eead4a631feb4d3cb8d7fefb2b09207d771035ca (diff) | |
| download | ngircd-86f3c563d6a6f86fd4f8c9fc303808bbf85d29c3.tar.gz ngircd-86f3c563d6a6f86fd4f8c9fc303808bbf85d29c3.zip | |
GnuTLS: Eliminate memory leaks for DH parameters, priorities cache
The DH parameters reference has to be stored next to the x509_cred which holds a reference to it.
| -rw-r--r-- | src/ngircd/conn-ssl.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c index ae5fd572..4dd335ea 100644 --- a/src/ngircd/conn-ssl.c +++ b/src/ngircd/conn-ssl.c @@ -65,13 +65,14 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c )); typedef struct { int refcnt; gnutls_certificate_credentials_t x509_cred; + gnutls_dh_params_t dh_params; } x509_cred_slot; static array x509_creds = INIT_ARRAY; static size_t x509_cred_idx; static gnutls_dh_params_t dh_params; -static gnutls_priority_t priorities_cache; +static gnutls_priority_t priorities_cache = NULL; static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void )); #endif @@ -281,10 +282,11 @@ void ConnSSL_Free(CONNECTION *c) if ((c->ssl_state.x509_cred_idx != x509_cred_idx) && (slot->refcnt <= 0)) { Log(LOG_INFO, "Discarding X509 certificate credentials from slot %zd.", c->ssl_state.x509_cred_idx); - /* TODO/FIXME: DH parameters will still leak memory. */ gnutls_certificate_free_keys(slot->x509_cred); gnutls_certificate_free_credentials(slot->x509_cred); slot->x509_cred = NULL; + gnutls_dh_params_deinit(slot->dh_params); + slot->dh_params = NULL; slot->refcnt = 0; } #endif @@ -381,6 +383,9 @@ out: if (!ConnSSL_LoadServerKey_gnutls()) goto out; + if (priorities_cache != NULL) { + gnutls_priority_deinit(priorities_cache); + } if (gnutls_priority_init(&priorities_cache, Conf_SSLOptions.CipherList, NULL) != GNUTLS_E_SUCCESS) { Log(LOG_ERR, @@ -444,10 +449,11 @@ ConnSSL_LoadServerKey_gnutls(void) slot = array_get(&x509_creds, sizeof(x509_cred_slot), x509_cred_idx); if ((slot != NULL) && (slot->refcnt <= 0) && (slot->x509_cred != NULL)) { Log(LOG_INFO, "Discarding X509 certificate credentials from slot %zd.", x509_cred_idx); - /* TODO/FIXME: DH parameters will still leak memory. */ gnutls_certificate_free_keys(slot->x509_cred); gnutls_certificate_free_credentials(slot->x509_cred); slot->x509_cred = NULL; + gnutls_dh_params_deinit(slot->dh_params); + slot->dh_params = NULL; slot->refcnt = 0; } |