If a push is interrupted due to a timeout, c->c2.pulled_options_state is never freed. Fix that by always cleaning up any remaining pulled options state when we close a connection.
This changes the mbedtls implementation of md_ctx_cleanup to actually clean up the context, which was not needed earlier. Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com> --- src/openvpn/crypto_mbedtls.c | 1 + src/openvpn/init.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index 8fa03da..8fc252f 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -804,6 +804,7 @@ md_ctx_init(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *kt) void md_ctx_cleanup(mbedtls_md_context_t *ctx) { + mbedtls_md_free(ctx); } int diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 30beadb..abf8da2 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3384,6 +3384,12 @@ do_close_tls(struct context *c) } c->c2.options_string_local = c->c2.options_string_remote = NULL; #endif + + if (c->c2.pulled_options_state) + { + md_ctx_cleanup(c->c2.pulled_options_state); + md_ctx_free(c->c2.pulled_options_state); + } } /* -- 2.7.4 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel