Changeset 6091


Timestamp:
Oct 11, 2019 2:26:12 PM (5 weeks ago)
Author:
riza
Message:

Fix #2244: Prevent continuous memory allocation when getting raw certificate on TLS.

Location:
pjproject/trunk/pjlib/src/pj
Files:
4 edited

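--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_gtls.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_gtls.c
@@ -1051,5 +1051,6 @@
 
     tls_cert_get_info(ssock->pool, &ssock->local_cert_info, cert);
-    tls_cert_get_chain_raw(ssock->pool, &ssock->local_cert_info, us, 1);
+    pj_pool_reset(ssock->info_pool);
+    tls_cert_get_chain_raw(ssock->info_pool, &ssock->local_cert_info, us, 1);
 
 us_out:
@@ -1078,5 +1079,6 @@
 
     tls_cert_get_info(ssock->pool, &ssock->remote_cert_info, cert);
-    tls_cert_get_chain_raw(ssock->pool, &ssock->remote_cert_info, certs,
+    pj_pool_reset(ssock->info_pool);
+    tls_cert_get_chain_raw(ssock->info_pool, &ssock->remote_cert_info, certs,
                            certslen);
 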
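Review bot: The two added `pj_pool_reset(ssock->info_pool)` calls reset one shared pool, although the first allocation that follows feeds `local_cert_info` and the second feeds `remote_cert_info`. If both run in the same pass (they sit about thirty lines apart on either side of `us_out:`, so this looks like one function whose start and end lie outside the hunks), the second reset releases the storage behind the local raw chain while `local_cert_info` still refers to it, leaving stale pointers for any later reader. A safer shape is a single reset ahead of the local-certificate branch, paired with `ssock->local_cert_info.raw_chain.cnt = 0;` and `ssock->remote_cert_info.raw_chain.cnt = 0;` (the field ssl_sock_ossl.c already clears), with no reset between the two allocations. Giving each chain its own pool would work as well.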
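--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.c
@@ -620,4 +620,5 @@
 
     /* Secure release pool, i.e: all memory blocks will be zeroed first */
+    pj_pool_secure_release(&ssock->info_pool);
     pj_pool_secure_release(&ssock->pool);
 }
@@ -1267,8 +1268,10 @@
     pj_ssl_sock_t *ssock;
     pj_status_t status;
+    pj_pool_t *info_pool;
 
     PJ_ASSERT_RETURN(pool && param && p_ssock, PJ_EINVAL);
     PJ_ASSERT_RETURN(param->sock_type == pj_SOCK_STREAM(), PJ_ENOTSUP);
 
+    info_pool = pj_pool_create(pool->factory, "ssl_chain%p", 512, 512, NULL);
     pool = pj_pool_create(pool->factory, "ssl%p", 512, 512, NULL);
 
@@ -1276,4 +1279,5 @@
     ssock = ssl_alloc(pool);
     ssock->pool = pool;
+    ssock->info_pool = info_pool;
     ssock->sock = PJ_INVALID_SOCKET;
     ssock->ssl_state = SSL_STATE_NULL;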
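Review bot: The result of the added `pj_pool_create(pool->factory, "ssl_chain%p", 512, 512, NULL)` is stored in `ssock->info_pool` without a NULL check, while the certificate paths changed in ssl_sock_gtls.c and ssl_sock_ossl.c call `pj_pool_reset(ssock->info_pool)` unconditionally. A guard such as `if (!info_pool) return PJ_ENOMEM;` directly after the call would keep a failed allocation from surfacing later as a NULL dereference; the neighbouring `pool` creation is not checked in the visible lines either. The function continues outside these hunks, so any early-return path there that releases only `pool` would also need to release `info_pool`, otherwise the new pool leaks on a failed socket creation.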
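--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.h
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.h
@@ -97,4 +97,7 @@
 {
     pj_pool_t            *pool;
+    pj_pool_t            *info_pool; /* this is for certificate chain 
+                                      * information allocation. Don't use for 
+                                      * other purposes. */
     pj_ssl_sock_t        *parent;
     pj_ssl_sock_param     param;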
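Review bot: The comment on `info_pool` says what not to do but not why, and the reason is what a maintainer needs. Going by the other files in this changeset, the pool is reset with `pj_pool_reset()` each time certificate information is refreshed, so anything else allocated from it would be invalidated without warning. Suggested wording: `/* Holds only the raw certificate chain. Reset on every certificate update, so pointers into it are valid only until the next update. */`. The struct definition starts and ends outside the hunk.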
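--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
@@ -1710,9 +1710,10 @@
     chain = SSL_get_peer_cert_chain(ossock->ossl_ssl);
     if (chain) {
-       ssl_update_remote_cert_chain_info(ssock->pool,
-                                         &ssock->remote_cert_info,
-                                         chain, PJ_TRUE);
+        pj_pool_reset(ssock->info_pool);
+        ssl_update_remote_cert_chain_info(ssock->info_pool,
+                                          &ssock->remote_cert_info,
+                                          chain, PJ_TRUE);
     } else {
-       ssock->remote_cert_info.raw_chain.cnt = 0;
+        ssock->remote_cert_info.raw_chain.cnt = 0;
     }
 }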
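Review bot: After the added `pj_pool_reset(ssock->info_pool)`, `remote_cert_info.raw_chain` still carries the old count and pointers into storage the pool has just released, until `ssl_update_remote_cert_chain_info` overwrites them. Whether the callee always rewrites `cnt`, including on its own failure paths, is not visible here. Setting `ssock->remote_cert_info.raw_chain.cnt = 0;` immediately after the reset, as the `else` branch already does, would keep the structure from advertising entries that point into reset memory. The enclosing function starts outside the hunk.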