Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask (8a35dbb6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/d1_both.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -211,8 +211,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
		return frag;
		}

		static void
		dtls1_hm_fragment_free(hm_fragment *frag)
		void dtls1_hm_fragment_free(hm_fragment *frag)
		{

		if (frag->msg_header.is_ccs)

+2 −4

Original line number	Diff line number	Diff line
		@@ -187,16 +187,14 @@ static void dtls1_clear_queues(SSL *s)
		while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
		{
		frag = (hm_fragment *)item->data;
		OPENSSL_free(frag->fragment);
		OPENSSL_free(frag);
		dtls1_hm_fragment_free(frag);
		pitem_free(item);
		}

		while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
		{
		frag = (hm_fragment *)item->data;
		OPENSSL_free(frag->fragment);
		OPENSSL_free(frag);
		dtls1_hm_fragment_free(frag);
		pitem_free(item);
		}

+1 −0

Original line number	Diff line number	Diff line
		@@ -1219,6 +1219,7 @@ int dtls1_is_timer_expired(SSL *s);
		void dtls1_double_timeout(SSL *s);
		int dtls1_send_newsession_ticket(SSL *s);
		unsigned int dtls1_min_mtu(void);
		void dtls1_hm_fragment_free(hm_fragment *frag);

		/* some client-only functions */
		int ssl3_client_hello(SSL *s);