From d5d069d37a1dddfff002337c5d39f2ad2d83b69e Mon Sep 17 00:00:00 2001
From: Vlad Patrascu
Date: Fri, 8 Oct 2021 15:57:30 +0300
Subject: [PATCH] tls_wolfssl: fix memory leaks

Do not use the wolfSSL ECC Fixed Point cache as it is not freed until library cleanup. Also, clear the error queue after each call to wolfSSL_read(). Fixes #2604
---
 modules/tls_wolfssl/Makefile | 3 ++-
 modules/tls_wolfssl/wolfssl_conn_ops.c | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/tls_wolfssl/Makefile b/modules/tls_wolfssl/Makefile
index 7925ca6bef2..ec47bfbedba 100644
--- a/modules/tls_wolfssl/Makefile
+++ b/modules/tls_wolfssl/Makefile
@@ -17,7 +17,8 @@ lib/lib/libwolfssl.a:
 ./autogen.sh; \
 fi; \
 if [ ! -f "Makefile" ]; then \
- env -u DEFS -u CFLAGS -u LDFLAGS -u LIBS ./configure --enable-all \
+ env -u DEFS -u CFLAGS -u LDFLAGS -u LIBS ./configure \
+ --enable-all --disable-fpecc \
 --enable-writedup --enable-tlsv10 --disable-shared --enable-static \
 --prefix=$(MOD_DIR)/lib \
 --exec-prefix=$(MOD_DIR)/lib C_EXTRA_FLAGS="-fPIC"; \
diff --git a/modules/tls_wolfssl/wolfssl_conn_ops.c b/modules/tls_wolfssl/wolfssl_conn_ops.c
index a6f7b8d1698..fe80f765181 100644
--- a/modules/tls_wolfssl/wolfssl_conn_ops.c
+++ b/modules/tls_wolfssl/wolfssl_conn_ops.c
@@ -858,6 +858,7 @@ static int _wolfssl_read(struct tcp_connection *c, void *buf, size_t len)
 ret = wolfSSL_read(ssl, buf, len);
 if (ret > 0) {
+ wolfSSL_ERR_clear_error();
 LM_DBG("%d bytes read\n", ret);
 return ret;
 } else if (ret == 0) {
@@ -872,12 +873,15 @@ static int _wolfssl_read(struct tcp_connection *c, void *buf, size_t len) ip_addr2a(&c->rcv.src_ip), c->rcv.src_port); } + wolfSSL_ERR_clear_error(); + return 0; } else { err = wolfSSL_get_error(ssl, ret); switch (err) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: + wolfSSL_ERR_clear_error(); return 0; case SSL_ERROR_SYSCALL: LM_ERR("SYSCALL error -> (%d) <%s>\n",errno,strerror(errno));
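Review bot: The new `--disable-fpecc` flag only takes effect when wolfSSL is configured afresh, because the `./configure` call sits behind `if [ ! -f "Makefile" ]` and, as far as this hunk shows, under the `lib/lib/libwolfssl.a` target. A tree that already holds a configured or built bundled wolfSSL would keep the fixed-point cache, and with it the leak, until it is cleaned. Worth a line in the commit message or a comment above the rule, for example `# wolfSSL is configured only once; clean its build directory after changing the configure flags`. The recipe starts above the hunk, so the exact clean step is not visible here.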
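Review bot: The call to `wolfSSL_ERR_clear_error()` is now repeated by hand on every return path of `_wolfssl_read()` (here after a successful read, and again in the hunks at -872 and -889), with nothing in the code saying why. A `case` added later that returns early would quietly bring the leak back. A comment next to the `wolfSSL_read()` call would record the invariant: `/* wolfSSL_read() may leave entries on the error queue; clear it before every return */`. The SSL_ERROR_SYSCALL branch continues between the second and third hunks, outside what is shown, so it is worth confirming that it reaches the clear at the end of the switch rather than returning on its own.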
@@ -889,6 +893,8 @@ static int _wolfssl_read(struct tcp_connection *c, void *buf, size_t len) wolfSSL_ERR_error_string(err, err_buf)); c->state = S_CONN_BAD; + wolfSSL_ERR_clear_error(); + return -1; } }
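Review bot: On the failure path the queue is cleared after only the single code in `err` has been logged through `wolfSSL_ERR_error_string(err, err_buf)`, so any other entries queued by the failed read are discarded without a trace. For diagnosing TLS read failures it would help to drain them at debug level just before the clear, e.g. `while ((e = wolfSSL_ERR_get_error()) != 0) LM_DBG("queued TLS error: %lu\n", e);` with `e` declared as `unsigned long`. Whether the queue ever holds more than one entry at this point is not visible from the hunk, and the enclosing `switch` starts above it.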