Don't stash tlsext_hostname in ssl_get_new_session.

ssl_get_new_session would stash a copy of the configured hostname
into the SSL_SESSION on the server. Servers have no reason to
configure that anyway, but, if one did, we'd leak when filling in
the client-supplied SNI later.

Remove this code and guard against this by remembering to OPENSSL_free
when overwriting that field (although it should always be NULL).

Reported-By: Robert Swiecki <swiecki@google.com>
Change-Id: Ib901b5f82e5cf818060ef47a9585363e05dd9932
Reviewed-on: https://boringssl-review.googlesource.com/13631
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Steven Valdez 2017-02-06 12:06:01 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent b7d53ba268
commit 2f82a0e51b
4 changed files with 3 additions and 9 deletions


@ -992,6 +992,7 @@ static int ssl3_get_client_hello(SSL_HANDSHAKE *hs) {
/* On new sessions, stash the SNI value in the session. */
if (hs->hostname != NULL) {
OPENSSL_free(ssl->s3->new_session->tlsext_hostname);
ssl->s3->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
if (ssl->s3->new_session->tlsext_hostname == NULL) {
al = SSL_AD_INTERNAL_ERROR;
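Review bot: The `OPENSSL_free(ssl->s3->new_session->tlsext_hostname);` call before the `BUF_strdup` (the added line, going by the commit message) carries no comment, and the only record that the field is expected to be NULL here is the commit description. Without that, a later cleanup could drop the call as redundant and bring back the leak of the previously stored hostname. I would put `/* Expected to be NULL on a new session; freed defensively so a stale hostname is never leaked. */` above it. The same free-then-strdup sequence appears in ext_sni_parse_serverhello and do_select_parameters, where the same comment applies. The if-block continues past the end of the hunk as shown.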


@ -538,14 +538,6 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
goto err;
}
}
if (ssl->tlsext_hostname != NULL) {
session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname);
if (session->tlsext_hostname == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
}
} else {
session->session_id_length = 0;
}


@ -616,7 +616,7 @@ static int ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
assert(ssl->tlsext_hostname != NULL);
if (ssl->session == NULL) {
assert(ssl->s3->new_session->tlsext_hostname == NULL);
OPENSSL_free(ssl->s3->new_session->tlsext_hostname);
ssl->s3->new_session->tlsext_hostname = BUF_strdup(ssl->tlsext_hostname);
if (!ssl->s3->new_session->tlsext_hostname) {
*out_alert = SSL_AD_INTERNAL_ERROR;
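Review bot: Replacing `assert(ssl->s3->new_session->tlsext_hostname == NULL);` with the free (as the hunk appears to do; the page has lost the +/- markers) means a non-NULL value on this client path is now discarded silently, so debug and fuzzing builds no longer flag a broken invariant. If the field is still expected to be NULL here, keeping the assert directly above `OPENSSL_free(ssl->s3->new_session->tlsext_hostname);` retains that signal while release builds stay leak-free. None of the four changed sections shown looks like a test, so a regression test covering a server with a configured hostname that then receives client SNI would also be worth adding. The function body continues outside the hunk.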


@ -198,6 +198,7 @@ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) {
/* On new sessions, stash the SNI value in the session. */
if (hs->hostname != NULL) {
OPENSSL_free(ssl->s3->new_session->tlsext_hostname);
ssl->s3->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
if (ssl->s3->new_session->tlsext_hostname == NULL) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);