From 69c10a41c72d00dc1e1b3c7a938a52e13eeafad8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
<manuel.pegourie-gonnard@arm.com>
Date: Tue, 6 Jul 2021 12:05:23 +0200
Subject: [PATCH 1/2] Fix memory leak on failure path in test code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
programs/ssl/ssl_test_common_source.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index d30c36ea5..7b85c7633 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -167,7 +167,8 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
if( ret != ret_repeated )
{
mbedtls_printf( "mbedtls_ssl_check_record() returned inconsistent results.\n" );
- return( -1 );
+ ret = -1;
+ goto cleanup;
}
switch( ret )
@@ -178,29 +179,34 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
case MBEDTLS_ERR_SSL_INVALID_RECORD:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected invalid record.\n" );
+ ret = 0;
break;
case MBEDTLS_ERR_SSL_INVALID_MAC:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected unauthentic record.\n" );
+ ret = 0;
break;
case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected unexpected record.\n" );
+ ret = 0;
break;
default:
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret );
- return( -1 );
+ ret = -1;
+ goto cleanup;
}
/* Regardless of the outcome, forward the record to the stack. */
}
+cleanup:
mbedtls_free( tmp_buf );
- return( 0 );
+ return( ret );
}
int recv_cb( void *ctx, unsigned char *buf, size_t len )
From e5306f6c1dc2e46b95b099678b6050b3fa1bdc89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
<manuel.pegourie-gonnard@arm.com>
Date: Wed, 7 Jul 2021 10:48:26 +0200
Subject: [PATCH 2/2] Use distinct variables for distinct purposes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
programs/ssl/ssl_test_common_source.c | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 7b85c7633..6ec4171a8 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -145,7 +145,7 @@ void dtls_srtp_key_derivation( void *p_expkey,
int ssl_check_record( mbedtls_ssl_context const *ssl,
unsigned char const *buf, size_t len )
{
- int ret;
+ int my_ret = 0, ret_cr1, ret_cr2;
unsigned char *tmp_buf;
/* Record checking may modify the input buffer,
@@ -155,23 +155,21 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
memcpy( tmp_buf, buf, len );
- ret = mbedtls_ssl_check_record( ssl, tmp_buf, len );
- if( ret != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
+ ret_cr1 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
+ if( ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
{
- int ret_repeated;
-
/* Test-only: Make sure that mbedtls_ssl_check_record()
* doesn't alter state. */
memcpy( tmp_buf, buf, len ); /* Restore buffer */
- ret_repeated = mbedtls_ssl_check_record( ssl, tmp_buf, len );
- if( ret != ret_repeated )
+ ret_cr2 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
+ if( ret_cr2 != ret_cr1 )
{
mbedtls_printf( "mbedtls_ssl_check_record() returned inconsistent results.\n" );
- ret = -1;
+ my_ret = -1;
goto cleanup;
}
- switch( ret )
+ switch( ret_cr1 )
{
case 0:
break;
@@ -179,24 +177,21 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
case MBEDTLS_ERR_SSL_INVALID_RECORD:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected invalid record.\n" );
- ret = 0;
break;
case MBEDTLS_ERR_SSL_INVALID_MAC:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected unauthentic record.\n" );
- ret = 0;
break;
case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected unexpected record.\n" );
- ret = 0;
break;
default:
- mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret );
- ret = -1;
+ mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret_cr1 );
+ my_ret = -1;
goto cleanup;
}
@@ -206,7 +201,7 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
cleanup:
mbedtls_free( tmp_buf );
- return( ret );
+ return( my_ret );
}
int recv_cb( void *ctx, unsigned char *buf, size_t len )