Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mbedtld: release sessionid resources on error #3574

Closed

Conversation

Projects
None yet
3 participants
@danielgustafsson
Copy link
Member

commented Feb 15, 2019

If mbedtls_ssl_get_session() fails, it may still have allocated memory that needs to be freed to avoid leaking. Call the library API function to release session resources on this errorpath as well as on Curl_ssl_addsessionid() errors.

Closes: #xxxx
Reported-by: Michał Antoniak M.Antoniak@posnet.com

mbedtld: release sessionid resources on error
If mbedtls_ssl_get_session() fails, it may still have allocated
memory that needs to be freed to avoid leaking. Call the library
API function to release session resources on this errorpath as
well as on Curl_ssl_addsessionid() errors.

Closes: #xxxx
Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
@bagder

bagder approved these changes Feb 15, 2019

Copy link
Member

left a comment

These functions are ridiculously badly documented by mbedTLS, but based on existing example code and educated guesses I think this is a step forward.

@jay

This comment has been minimized.

Copy link
Member

commented Feb 15, 2019

s/mbedtld/mbedtls

@lock lock bot locked as resolved and limited conversation to collaborators May 17, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.