If a push is interrupted due to a timeout, c->c2.pulled_options_state is
never freed. Fix that by always cleaning up any remaining pulled
options state when we close a connection.
This changes the mbedtls implementation of md_ctx_cleanup to actually
clean up the context, which was not needed earlier.
Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
---
src/openvpn/crypto_mbedtls.c | 1 +
src/openvpn/init.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 8fa03da..8fc252f 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -804,6 +804,7 @@ md_ctx_init(mbedtls_md_context_t *ctx, const
mbedtls_md_info_t *kt)
void
md_ctx_cleanup(mbedtls_md_context_t *ctx)
{
+ mbedtls_md_free(ctx);
}
int
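Review bot: md_ctx_cleanup() goes from a no-op to releasing the mbedtls state behind ctx, and nothing in the hunk records that new contract. Any existing caller that calls md_ctx_cleanup() and then keeps using the same context without another md_ctx_init() would now be working on a released context; those callers are outside this hunk, so this is something to confirm rather than a known defect. A short comment above the function would pin the contract, for example `/* Releases mbedtls-internal state; ctx must be re-initialised with md_ctx_init() before reuse. */`.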
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 30beadb..abf8da2 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -3384,6 +3384,12 @@ do_close_tls(struct context *c)
}
c->c2.options_string_local = c->c2.options_string_remote = NULL;
#endif
+
+ if (c->c2.pulled_options_state)
+ {
+ md_ctx_cleanup(c->c2.pulled_options_state);
+ md_ctx_free(c->c2.pulled_options_state);
+ }
}
/*
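Review bot: The added block in do_close_tls() frees c->c2.pulled_options_state but leaves the pointer set, so the context holds a dangling pointer once the connection is closed. The line just above resets options_string_local and options_string_remote to NULL; doing the same here, with `c->c2.pulled_options_state = NULL;` as the last statement inside the `if`, would turn a repeated do_close_tls() call or a later cleanup on another path into a no-op instead of a double free. Whether any other path still frees this state is not visible in the hunk, and do_close_tls() starts above it.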
--
2.7.4