From 947cee18a16378c2cb5b9e84f81684a2a1f6ee58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Mar 2023 11:59:59 +0100 Subject: [PATCH] Fix memory leak. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The function reset_checksum() can be called more than once with the same handshake context (this happens with DTLS clients, and perhaps in other cases as well). When that happens, we need to free the old MD contexts before setting them up again. Note: the PSA path was already doing the right thing by calling abort, we just needed to do the same on the MD path. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9070f208d7..8ee1ddc21c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -839,6 +839,8 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) return mbedtls_md_error_from_psa(status); } #else + mbedtls_md_free(&ssl->handshake->fin_sha256); + mbedtls_md_init(&ssl->handshake->fin_sha256); ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); @@ -862,6 +864,8 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) return mbedtls_md_error_from_psa(status); } #else + mbedtls_md_free(&ssl->handshake->fin_sha384); + mbedtls_md_init(&ssl->handshake->fin_sha384); ret = mbedtls_md_setup(&ssl->handshake->fin_sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); if (ret != 0) {