curl/mbedtls-release-sessionid-resources-on-error.patch

From 0299b262cd9c75adab546f4851c03995d98d61e1 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Sat, 16 Feb 2019 22:30:31 +0100
Subject: [PATCH 552/557] mbedtls: release sessionid resources on error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If mbedtls_ssl_get_session() fails, it may still have allocated
memory that needs to be freed to avoid leaking. Call the library
API function to release session resources on this errorpath as
well as on Curl_ssl_addsessionid() errors.

Closes: #3574
Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
 lib/vtls/mbedtls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index c36c93e..27a9402 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -716,6 +716,8 @@ mbed_connect_step3(struct connectdata *conn,
 
     ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
     if(ret) {
+      if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED)
+        mbedtls_ssl_session_free(our_ssl_sessionid);
       free(our_ssl_sessionid);
       failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);
       return CURLE_SSL_CONNECT_ERROR;
@@ -729,6 +731,7 @@ mbed_connect_step3(struct connectdata *conn,
     retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
     Curl_ssl_sessionid_unlock(conn);
     if(retcode) {
+      mbedtls_ssl_session_free(our_ssl_sessionid);
       free(our_ssl_sessionid);
       failf(data, "failed to store ssl session");
       return retcode;
-- 
1.8.3.1
Package init 2019-09-30 10:36:29 -04:00			`From 0299b262cd9c75adab546f4851c03995d98d61e1 Mon Sep 17 00:00:00 2001`
			`From: Daniel Gustafsson <daniel@yesql.se>`
			`Date: Sat, 16 Feb 2019 22:30:31 +0100`
			`Subject: [PATCH 552/557] mbedtls: release sessionid resources on error`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`If mbedtls_ssl_get_session() fails, it may still have allocated`
			`memory that needs to be freed to avoid leaking. Call the library`
			`API function to release session resources on this errorpath as`
			`well as on Curl_ssl_addsessionid() errors.`

			`Closes: #3574`
			`Reported-by: Michał Antoniak <M.Antoniak@posnet.com>`
			`Reviewed-by: Daniel Stenberg <daniel@haxx.se>`
			`---`
			`lib/vtls/mbedtls.c \| 3 +++`
			`1 file changed, 3 insertions(+)`

			`diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c`
			`index c36c93e..27a9402 100644`
			`--- a/lib/vtls/mbedtls.c`
			`+++ b/lib/vtls/mbedtls.c`
			`@@ -716,6 +716,8 @@ mbed_connect_step3(struct connectdata *conn,`

			`ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);`
			`if(ret) {`
			`+ if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED)`
			`+ mbedtls_ssl_session_free(our_ssl_sessionid);`
			`free(our_ssl_sessionid);`
			`failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);`
			`return CURLE_SSL_CONNECT_ERROR;`
			`@@ -729,6 +731,7 @@ mbed_connect_step3(struct connectdata *conn,`
			`retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);`
			`Curl_ssl_sessionid_unlock(conn);`
			`if(retcode) {`
			`+ mbedtls_ssl_session_free(our_ssl_sessionid);`
			`free(our_ssl_sessionid);`
			`failf(data, "failed to store ssl session");`
			`return retcode;`
			`--`
			`1.8.3.1`