tls_wolfssl: fix memory leaks

Do not use the wolfSSL ECC Fixed Point cache as it is not freed until library cleanup. Also, clear the error queue after each call to wolfSSL_read(). Fixes #2604
OpenSIPS · Oct 8, 2021 · d5d069d · d5d069d
1 parent e941c1f
commit d5d069d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/modules/tls_wolfssl/Makefile b/modules/tls_wolfssl/Makefile
@@ -17,7 +17,8 @@ lib/lib/libwolfssl.a:
 		./autogen.sh; \
 	fi; \
 	if [ ! -f "Makefile" ]; then \
-		env -u DEFS -u CFLAGS -u LDFLAGS -u LIBS ./configure --enable-all \
+		env -u DEFS -u CFLAGS -u LDFLAGS -u LIBS ./configure \
+		--enable-all --disable-fpecc \
 		--enable-writedup --enable-tlsv10 --disable-shared --enable-static \
 		--prefix=$(MOD_DIR)/lib \
 		--exec-prefix=$(MOD_DIR)/lib C_EXTRA_FLAGS="-fPIC"; \

diff --git a/modules/tls_wolfssl/wolfssl_conn_ops.c b/modules/tls_wolfssl/wolfssl_conn_ops.c
@@ -858,6 +858,7 @@ static int _wolfssl_read(struct tcp_connection *c, void *buf, size_t len)
 
 	ret = wolfSSL_read(ssl, buf, len);
 	if (ret > 0) {
+		wolfSSL_ERR_clear_error();
 		LM_DBG("%d bytes read\n", ret);
 		return ret;
 	} else if (ret == 0) {
@@ -872,12 +873,15 @@ static int _wolfssl_read(struct tcp_connection *c, void *buf, size_t len)
 				ip_addr2a(&c->rcv.src_ip), c->rcv.src_port);
 		}
 
+		wolfSSL_ERR_clear_error();
+
 		return 0;
 	} else {
 		err = wolfSSL_get_error(ssl, ret);
 		switch (err) {
 		case SSL_ERROR_WANT_READ:
 		case SSL_ERROR_WANT_WRITE:
+			wolfSSL_ERR_clear_error();
 			return 0;
 		case SSL_ERROR_SYSCALL:
 			LM_ERR("SYSCALL error -> (%d) <%s>\n",errno,strerror(errno));
@@ -889,6 +893,8 @@ static int _wolfssl_read(struct tcp_connection *c, void *buf, size_t len)
 				wolfSSL_ERR_error_string(err, err_buf));
 			c->state = S_CONN_BAD;
 
+			wolfSSL_ERR_clear_error();
+
 			return -1;
 		}
 	}